Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark … Read More “Why the Axios attack proves AI is mandatory for supply chain security – CyberScoop” »
Category: Attack Feeds
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don’t fail because of bad technology. They stall because what … Read More “Why Most AI Deployments Stall After the Demo – The Hacker News” »
Attackers rarely exploit an edge-device vulnerability indiscriminately. Typically, they first test how widely the flaw can be used and how much access it can provide, then move on to steal data or disrupt operations. Pre-attack surveillance and planning leaves a lot of noise in its wake. These signals — particularly spikes in traffic that are … Read More “Network ‘background noise’ may predict the next big edge-device vulnerability – CyberScoop” »
Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. “This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct … Read More “Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain – The Hacker News” »
52M-Download protobuf.js Library Hit by RCE in Schema Handling – Hackread – Cybersecurity News, Data Breaches, AI and More
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems – The Hacker News
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet. – … Read More “Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems – The Hacker News” »
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to “certain” internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. “The attacker used that access to take over the employee’s … Read More “Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials – The Hacker News” »
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers – Hackread – Cybersecurity News, Data Breaches, AI and More
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Operation PowerOFF: 75K Users of DDoS-for-Hire Services Identified and Warned – Hackread – Cybersecurity News, Data Breaches, AI and More
Operation PowerOFF identifies and warns 75K users of DDoS-for-hire services, nets 4 arrests, and seizes 53 domains in a Europol-led crackdown. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led … Read More “$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims – The Hacker News” »
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability … Read More “Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet – The Hacker News” »
Founder Liquidity Without Compromising on Growth – Hackread – Cybersecurity News, Data Breaches, AI and More
Founders can access liquidity without exiting by selling shares via secondary deals, reducing financial pressure while staying focused on long-term growth. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from Zimperium reveals four active Android malware campaigns, RecruitRat, SaferRat, Astrinox, and Massiv, targeting over 800 banking apps globally. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Race to Quantum-Proof the Internet Has Already Begun – Hackread – Cybersecurity News, Data Breaches, AI and More
The race to quantum-proof the internet is underway as experts warn of “harvest now, decrypt later” risks and slow migration to post-quantum security. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Congress is grappling with renewal of a surveillance law set to expire at the end of this month that critics say is a mystery on how much of a difference it has made for controversial government spying authorities — for better or worse. The 2024 law reauthorized so-called Section 702 powers of the Foreign Intelligence … Read More “The surveillance law Congress can’t quit — and can’t explain – CyberScoop” »
New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse ( … Read More “Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched – The Hacker News” »
New ZionSiphon Malware Discovered Targeting Israeli Water Systems – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul – The Hacker News
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps … Read More “Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul – The Hacker News” »
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
If you hold cryptocurrency, there’s a very simple golden rule that you should always follow. Never hand over your seed phrase. Garrett Dutton, better known as G. Love – the front man of blues-hip-hop outfit G. Love & Special Sauce – has learnt that lesson the hard way. Read more in my article on the … Read More “Singer loses life savings to fake wallet downloaded from the Apple App Store – GRAHAM CLULEY” »
New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files – Hackread – Cybersecurity News, Data Breaches, AI and More
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to – Read … Read More “Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts – The Hacker News” »
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. “CVEs that do not meet those criteria will still be … Read More “NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions – The Hacker News” »
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian – Read More – The Hacker News
Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said. The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang … Read More “US nationals sentenced for aiding North Korea’s tech worker scheme – CyberScoop” »
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. “PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos – Read More – The … Read More “Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic – The Hacker News” »
Authorities from 21 countries took down 53 domains and arrested four people allegedly involved in distributed denial-of-service operations used by more than 75,000 cybercriminals, Europol said Thursday. The globally coordinated effort dubbed “Operation PowerOFF” disrupted booter services and seized and dismantled infrastructure, including servers and databases, that supported the DDoS-for-hire services, officials said. Law enforcement … Read More “Officials seize 53 DDoS-for-hire domains in ongoing crackdown – CyberScoop” »
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories – The Hacker News
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television … Read More “ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories – The Hacker News” »
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most – Read More – … Read More “[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment – The Hacker News” »
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical breakdown in the Security Intelligence Brief. The “First-Hop Bias” Blind Spot Most – Read More – The Hacker News
Researchers Say Fiverr Left User Files Open to Google Search – Hackread – Cybersecurity News, Data Breaches, AI and More
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks – The Hacker News
A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage – Read More … Read More “Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks – The Hacker News” »
Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business – Hackread – Cybersecurity News, Data Breaches, AI and More
Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution – The Hacker News
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below – CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on … Read More “Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution – The Hacker News” »
A company wakes up to a news story claiming it has suffered a major data breach. The details are specific, technical and convincing. But the breach didn’t happen. No systems were compromised. No data was taken. A language model generated the entire story, filling in plausible details from scratch. And before the company can figure … Read More “Ghost breaches: How AI-mediated narratives have become a new threat vector – CyberScoop” »
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April – Read More – The Hacker News
Securing Remote Server Access: Why VPNs Matter for Administrators – Hackread – Cybersecurity News, Data Breaches, AI and More
VPNs help secure remote server access by encrypting traffic, restricting entry to authorized users, and reducing exposure of critical systems to the internet. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption – Hackread – Cybersecurity News, Data Breaches, AI and More
SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying – GRAHAM CLULEY
A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake. Oh, and by the way, … Read More “Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying – GRAHAM CLULEY” »
Fake Claude AI Installer Targets Windows Users with PlugX Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said … Read More “NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities – CyberScoop” »
Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft – Hackread – Cybersecurity News, Data Breaches, AI and More
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal $9.5 million from more than 50 users. Did you install this app? – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
National Cyber Director Sean Cairncross expects more executive orders coming from the White House as part of implementing the national cybersecurity strategy, he said Wednesday. Staffers on Capitol Hill and others in the cyber world have been awaiting the implementation guidance the Trump administration had proclaimed would come to accompany the strategy published last month. … Read More “Executive orders likely ahead in next steps for national cyber strategy – CyberScoop” »
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery – Read More – The Hacker News
OpenAI said it is expanding its Trusted Access for Cyber program to “thousands of individuals and organizations,” who will use the company’s technology to root out bugs and vulnerabilities in their products. The program will also incorporate GPT 5.4 Cyber, a new variant of ChatGPT that OpenAI says is specifically optimized for cybersecurity tasks. OpenAI’s … Read More “OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model – CyberScoop” »
ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More – The Hacker News
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database – Read More – The … Read More “April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More – The Hacker News” »
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover – The Hacker News
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. ” – Read More … Read More “Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover – The Hacker News” »