AttackFeed by Joe Wagner

Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Federal Chief Information Officer Greg Barbaccia said Tuesday the government is approaching Anthropic’s Mythos model with measured expectations, acknowledging both its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions. Barbaccia said his direct exposure to Mythos has been limited to evaluations and benchmarking … Read More “Federal CIO cautious on Anthropic’s Mythos despite planned rollout  – CyberScoop” »

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access … Read More “Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push  – The Hacker News” »

Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to … Read More “Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign  – The Hacker News” »

Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation. Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference. Ramirez first … Read More “Rep. Delia Ramirez takes over as top House cybersecurity Dem  – CyberScoop” »

Stablecoins are becoming the money layer for the always-on economy.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than … Read More “VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi  – The Hacker News” »

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The … Read More “Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About  – The Hacker News” »

Aggregated liquidity improves crypto trading by combining multiple sources, offering better rates, deeper markets, and more reliable execution across assets.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use … Read More “Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE  – The Hacker News” »

CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding … Read More “After Mythos: New Playbooks For a Zero-Window Era  – The Hacker News” »

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between … Read More “Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks  – The Hacker News” »

A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. Read more in my article on the Hot for Security … Read More “French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches  – GRAHAM CLULEY” »

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch … Read More “Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202  – The Hacker News” »

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle … Read More “Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover  – The Hacker News” »

U.S. states issued $3.45 billion in privacy-related fines to companies in 2025, a total larger  than the last five years combined, according to research and advisory firm Gartner. The increase is partly driven in part by stronger, more established privacy laws in states like California, new interstate partnerships built around enforcing laws across state lines, … Read More “U.S. companies hit with record fines for privacy in 2025  – CyberScoop” »

A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday. Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to … Read More “Chinese national extradited to US for pandemic-era Silk Typhoon attacks  – CyberScoop” »

Supreme Court justices lobbed sharp questions at both sides about the constitutionality of geofence warrants during oral arguments Monday in a case that could have broader implications for law enforcement collection of Americans’ data. Chatrie v. The United States stems from the 2019 conviction of Okello Chatrie in a bank robbery, where authorities obtained location … Read More “Supreme Court justices skeptically question both sides in geofence surveillance case  – CyberScoop” »

LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A bipartisan pair of senators want a company that operates a tip line for anonymously reporting school safety concerns to answer questions about hackers compromising sensitive student information. Sens. Maggie Hassan, D-N.H., and Jim Banks, R-Ind., announced on Monday they’d sent a letter to the firm, Navigate360, about last month’s incident. “We write to express … Read More “Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line  – CyberScoop” »

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen … Read More “⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More  – The Hacker News” »

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based on current evidence, we believe this data originated from Checkmarx’s GitHub repository, and that access to that repository was facilitated through the initial supply … Read More “Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack  – The Hacker News” »

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit … Read More “BlackFile actively extorting data-theft victims in retail and hospitality sector  – CyberScoop” »

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining … Read More “Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware  – The Hacker News” »

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible  – Read … Read More “PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks  – The Hacker News” »

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right  – Read … Read More “Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side  – The Hacker News” »

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is … Read More “Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud  – The Hacker News” »

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More