AttackFeed by Joe Wagner

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The … Read More “OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks  – The Hacker News” »

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord … Read More “ShinyHunters Wage Broad Corporate Extortion Spree  – Krebs on Security” »

Microsoft Threat Intelligence said a cybercriminal group it tracks as Storm-1175 has exploited a maximum-severity vulnerability in GoAnywhere MFT to initiate multi-stage attacks including ransomware. Researchers observed the malicious activity Sept. 11, Microsoft said in a blog post Monday. Microsoft’s research adds another substantive chunk of evidence to a growing collection of intelligence confirming the … Read More “Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175  – CyberScoop” »

A long-running theme in the use of adversarial AI since the advent of large language models has been the automation and enhancement of well-established hacking methods, rather than the creation of new ones.   That remains the case for much of OpenAI’s October threat report, which highlights how government agencies and the cybercriminal underground are opting … Read More “OpenAI: Threat actors use us to be efficient, not make new tools  – CyberScoop” »

Critical Redis flaw RediShell (CVE-2025-49844) exposes 60,000 servers to remote code execution. Patch immediately to prevent full system compromise.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs  – … Read More “BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers  – The Hacker News” »

Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive … Read More “Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them  – The Hacker News” »

Raleigh, United States, 7th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude Sonnet 4.5 codes for 30 … Read More “The AI Fix #71: Hacked robots and power-hungry AI  – Graham Cluley” »

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis … Read More “XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities  – The Hacker News” »

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the … Read More “New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise  – The Hacker News” »

Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, … Read More “Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware  – The Hacker News” »

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger … Read More “13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely  – The Hacker News” »

CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical … Read More “Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks  – The Hacker News” »

Federal cyber authorities and threat hunters are on edge following Oracle’s Saturday disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week.  Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory … Read More “Oracle zero-day defect amplifies panic over Clop’s data theft attack spree  – CyberScoop” »

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Tech experts and companies offering encrypted messaging services are warning that  pending European regulation, which would grant governments broad authority to scan messages and content on personal devices for criminal activity, could spell “the end” of privacy in Europe. The European Union will vote Oct. 14 on a legislative proposal from the Danish Presidency known … Read More “Potential EU law sparks global concerns over end-to-end encryption for messaging apps   – CyberScoop” »

Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.” Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal … Read More “House Dems seek info about ICE spyware contract, wary of potential abuses  – CyberScoop” »

A misconfigured database belonging to a pet insurance company, “Rainwalk Pet Insurance,” exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Paris, France, 6th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, … Read More “New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations  – The Hacker News” »

Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand  – Read … Read More “Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers  – The Hacker News” »

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help  – Read … Read More “5 Critical Questions For Adopting an AI Security Solution  – The Hacker News” »

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these … Read More “⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More  – The Hacker News” »

WatchTowr finds a serious flaw in Dell UnityVSA (CVE-2025-36604) letting attackers run commands without login. Dell issues patch 5.5.1 – update now.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

When security researchers issued warnings about the Salesloft Drift issues last month, two prominent cybersecurity companies found themselves facing the same threat — but their stories ended up unfolding in different ways.  Okta and Zscaler, among the larger players in the identity management space, were among the more than 700 Drift customers targeted in what … Read More “Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks  – CyberScoop” »

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in … Read More “Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files  – The Hacker News” »

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to … Read More “Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks  – The Hacker News” »

You tap Update, wait for the progress indicator, and then error. Your iPhone freezes and displays “Update Failed,”…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto