AttackFeed by Joe Wagner

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule … Read More “[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks  – The Hacker News” »

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. “When Coruna was first reported, the public evidence wasn’t sufficient to … Read More “Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks  – The Hacker News” »

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called “Loot.” Meanwhile, two people drive up to the entrance of the UK’s nuclear submarine base at Faslane and politely … Read More “Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie  – GRAHAM CLULEY” »

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. “Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report … Read More “WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites  – The Hacker News” »

Google is accelerating its timeline for migrating its products to quantum resistant encryption to 2029, the latest sign that tech leaders are worried that they haven’t been aggressive enough in planning for a post-quantum future. In a blog posted Wednesday, vice president of security engineering Heather Adkins and senior staff cryptology engineer Sophie Schmieg said … Read More “Google moves post-quantum encryption timeline up to 2029  – CyberScoop” »

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday. Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and … Read More “Alleged RedLine infostealer conspirator extradited to US  – CyberScoop” »

Mirai malware evolves into hundreds of variants, driving botnet growth, including Aisuru and KimWolf, powering large-scale attacks, and increasing risks to vulnerable IoT devices worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The FCC has officially added foreign-made consumer routers to its restricted Covered List, citing major cybersecurity risks. Find out what it means for your current devices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating … Read More “LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace  – The Hacker News” »

AI translation fixes multilingual content chaos by improving consistency, workflows, and speed, helping teams reduce errors and scale global content faster.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. “It logs keystrokes, dumps cookies and session tokens, captures screenshots, and  – … Read More “GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data  – The Hacker News” »

San Francisco, USA, 25th March 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers are calling attention to an active device code phishing campaign that’s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign … Read More “Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse  – The Hacker News” »

The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases “milan” and “okart,” is said to … Read More “Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks  – The Hacker News” »

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there’s a … Read More “The Kill Chain Is Obsolete When Your AI Agent Is the Threat  – The Hacker News” »

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published … Read More “TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise  – The Hacker News” »

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing “unacceptable” risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The … Read More “FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns  – The Hacker News” »

HackerOne, Mazda, Infinite Campus and the Dutch Ministry report data breaches, exposing employee and partner data across multiple sectors worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which can be addressed by Wiz’s CNAPP solution.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Leaked iOS spyware has some cybersecurity professionals raising urgent alarms about potential mass iPhone compromises, a development that pairs ominously with the recent discovery of two sophisticated iOS exploit kits. At the same time, some other experts say Apple’s defensive features for iPhones remain elite. But several factors have created unprecedented circumstances: the public accessibility … Read More “DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses  – CyberScoop” »

OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Transparent AI data pipelines help organizations verify sources, reduce errors, meet regulations, and build trust by making outputs auditable and reliable.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect (  – … Read More “Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR  – The Hacker News” »

SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories. The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on … Read More “Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack  – CyberScoop” »

The FBI has issued a warning about Iran-linked Handala Hack Group, targeting Windows users through fake versions of WhatsApp and Telegram.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. “The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared  – Read More  … Read More “Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner  – The Hacker News” »

The Federal Communications Commission’s move to ban foreign-made routers touches on a real threat, but critics say the agency rule is overly broad, practically unworkable and doesn’t meaningfully address weaknesses in router security that have led to major breaches on American governments and businesses. Under the Secure Equipment Act and Secure Networks Act, the FCC … Read More “Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty  – CyberScoop” »

The Treasury Department is soliciting public feedback on whether it should change a terrorism risk insurance program to address cyber-related losses. In a Federal Register notice set for publication Wednesday, Treasury seeks comment from the public for a mandatory report it must deliver to Congress this summer on the effectiveness of the terrorism risk insurance … Read More “Treasury asks whether terrorism risk insurance program should bolster cyber coverage  – CyberScoop” »

A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other … Read More “Russian access broker sentenced to over 6 years in prison for ransomware schemes  – CyberScoop” »