OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof – Hackread – Cybersecurity News, Data Breaches, AI and More
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect ( – … Read More “Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR – The Hacker News” »
SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories. The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on … Read More “Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack – CyberScoop” »
FBI Warns of Iran’s Handala Hack Group Using Fake Apps to Spy on Windows Users – Hackread – Cybersecurity News, Data Breaches, AI and More
The FBI has issued a warning about Iran-linked Handala Hack Group, targeting Windows users through fake versions of WhatsApp and Telegram. – Hackread – Cybersecurity News, Data Breaches, AI and More
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. “The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared … Read More “Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner – The Hacker News” »
Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty – CyberScoop
The Federal Communications Commission’s move to ban foreign-made routers touches on a real threat, but critics say the agency rule is overly broad, practically unworkable and doesn’t meaningfully address weaknesses in router security that have led to major breaches on American governments and businesses. Under the Secure Equipment Act and Secure Networks Act, the FCC … Read More “Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty – CyberScoop” »
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
The Treasury Department is soliciting public feedback on whether it should change a terrorism risk insurance program to address cyber-related losses. In a Federal Register notice set for publication Wednesday, Treasury seeks comment from the public for a mandatory report it must deliver to Congress this summer on the effectiveness of the terrorism risk insurance … Read More “Treasury asks whether terrorism risk insurance program should bolster cyber coverage – CyberScoop” »
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance’s memory
A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other … Read More “Russian access broker sentenced to over 6 years in prison for ransomware schemes – CyberScoop” »
Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk – Hackread – Cybersecurity News, Data Breaches, AI and More
DarkSword exploit leak puts up to 270 million iPhones at risk, with hackers able to access data through… – Hackread – Cybersecurity News, Data Breaches, AI and More
Poor patch management, increasingly complex IT environments and continued use of obsolete software put organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more … Read More “5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents – The Hacker News” »
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below – react-performance-suite, react-state-optimizer-core, react-fast-utilsa, ai-fast-auto-trader … Read More “Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials – The Hacker News” »
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below – checkmarx/ast-github-action, checkmarx/kics-github-action. Cloud security … Read More “TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials – The Hacker News” »
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not … Read More “The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills – The Hacker News” »
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for his role in Yanluowang ransomware
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023
Gcore Radar report reveals 150% surge in DDoS attacks year-on-year – Hackread – Cybersecurity News, Data Breaches, AI and More
Luxembourg, Luxembourg, 24th March 2026, CyberNewswire – Hackread – Cybersecurity News, Data Breaches, AI and More
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below – CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread; CVE-2026-4368 (CVSS score: 7.7) – Race condition … Read More “Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks – The Hacker News” »
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware … Read More “U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage – The Hacker News” »
Cryptographic architecture has emerged as a characteristic of platform trust as SaaS platforms keep scaling across these domains, geographies… The post Building Multi-Tenant Crypto for SaaS Platforms appeared first on JISA Softech Pvt Ltd.
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper – Hackread – Cybersecurity News, Data Breaches, AI and More
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload. – Hackread – Cybersecurity News, Data Breaches, AI and More
Playnance Introduces Participation-First Model for Social Gaming with New Protocol Launch – Hackread – Cybersecurity News, Data Breaches, AI and More
Playnance launches social gaming protocol powered by GCOIN, enabling user participation in ecosystem value, transparency, and shared digital growth. – Hackread – Cybersecurity News, Data Breaches, AI and More
SAN FRANCISCO — The Trump administration’s two-week-old cyber strategy that aims to promote more proactive, offensive actions while bolstering federal networks and critical infrastructure is a significant shift that’s already materializing in meaningful ways, a group of experts said Monday at the RSAC 2026 Conference. Despite the federal government’s absence from the industry’s largest … Read More “Experts insist Trump administration’s cyber strategy is already paying off – CyberScoop” »
A vulnerability has been discovered in Oracle Products that could allow for remote code execution. Oracle Identity Manager is an identity management product that automates user provisioning, identity administration, and password management, integrated in a comprehensive workflow engine. Oracle Web Services Manager is a comprehensive security and policy management framework within Oracle Fusion Middleware … Read More “A Vulnerability in Oracle Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since … Read More “North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware – The Hacker News” »
A California county sheriff and Republican contender for the state’s gubernatorial race has seized 650,000 physical ballots from Riverside County, saying they were part of an investigation into election fraud tied to redistricting wars. State officials and election security experts say that the underlying allegations are spurious and local law enforcement do not have the … Read More “State officials, election experts question California sheriff’s seizure of ballots – CyberScoop” »
Iranian government-connected groups are deploying malware via the Telegram messaging app, taking aim at dissidents and other opponents of Tehran around the world, the FBI said in an alert Friday. The FBI said attackers linked to the Ministry of Intelligence and Security are behind the campaign, which stretches back to 2023. The bureau is escalating … Read More “FBI: Iranian hackers targeting opponents with Telegram malware – CyberScoop” »
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes. – Hackread – Cybersecurity News, Data Breaches, AI and More
A phishing campaign tied to AI cloud-hosting service Railway has given hackers access to the Microsoft cloud accounts for hundreds of businesses, according to researchers at Huntress. Rich Mozeleski, product manager for Huntress’ identity team, told CyberScoop the campaign is currently tied to a smaller actor and approximately a dozen IP addresses, but has managed … Read More “An AI-powered phishing campaign has compromised hundreds of organizations – CyberScoop” »
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks make containing them difficult
Voice-based phishing, a form of social engineering where attackers call employees or IT help desks under false pretenses in an attempt to gain access to victim networks, surged in 2025, Mandiant said Monday in its annual M-Trends report. These points of intrusion, which have been a hallmark of attacks attributed to members of the cybercrime … Read More “The phone call is the new phishing email – CyberScoop” »
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this … Read More “‘CanisterWorm’ Springs Wiper Attack Targeting Iran – Krebs on Security” »
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More – The Hacker News
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real … Read More “⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More – The Hacker News” »
We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them – The Hacker News
AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger … Read More “We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them – The Hacker News” »
Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network – Hackread – Cybersecurity News, Data Breaches, AI and More
Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing. – Hackread – Cybersecurity News, Data Breaches, AI and More
Why Your Weather-Powered Design Tool Needs More Than Just an API Key – Hackread – Cybersecurity News, Data Breaches, AI and More
Weather-powered design tools need more than an API key. Learn how authentication, access control, and server-side calls keep… – Hackread – Cybersecurity News, Data Breaches, AI and More
Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide. – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive … Read More “Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware – The Hacker News” »
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags … Read More “Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper – The Hacker News” »
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems – The Hacker News
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. … Read More “Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems – The Hacker News” »





