AttackFeed by Joe Wagner

SonicWall said it confirmed an attack on its MySonicWall.com platform that exposed customers’ firewall configuration files — the latest in a steady stream of security weaknesses impacting the besieged vendor and its customers. The company’s security teams began investigating suspicious activity and validated the attack “in the past few days,” Bret Fitzgerald, senior director of … Read More “Attack on SonicWall’s cloud portal exposes customers’ firewall configurations  – CyberScoop” »

New research reveals Raven Stealer malware that targets browsers like Chrome and Edge to steal personal data. Learn how this threat uses simple tricks like process hollowing to evade antiviruses and why it’s a growing risk for everyday users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. “The threat actors continue … Read More “TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks  – The Hacker News” »

Waltham, United States, 17th September 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Conor Brian Fitzpatrick, the founder of the hacking forum BreachForums, has been resentenced to three years in prison…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. “In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well … Read More “Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts  – The Hacker News” »

Microsoft’s Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company’s encryption overnight, exposing your most sensitive data, rendering much of it … Read More “From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience  – The Hacker News” »

Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption … Read More “Rethinking AI Data Security: A Buyer’s Guide   – The Hacker News” »

Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.” Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by … Read More “Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, … Read More “DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM  – The Hacker News” »

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. “Using a court order granted by the Southern … Read More “RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains  – The Hacker News” »

Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday.  The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials … Read More “Microsoft seizes hundreds of phishing sites tied to massive credential theft operation  – CyberScoop” »

Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A man who pleaded guilty in 2023 for charges related to his work as founder and operator of the notorious BreachForums website was resentenced Tuesday to three years in prison after having his initial sentence overturned in January. Conor Brian Fitzpatrick, 22, operated BreachForums — once regarded as the largest English-language cybercrime marketplace — under … Read More “BreachForums founder resentenced to three years in prison  – CyberScoop” »

Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform  – Read More  – The … Read More “Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover  – The Hacker News” »

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence … Read More “SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids  – The Hacker News” »

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package … Read More “Self-Replicating Worm Hits 180+ Software Packages  – Krebs on Security” »

Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad  – Read … Read More “New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site  – The Hacker News” »

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.  Recent studies show 80% of companies have already experienced … Read More “Securing the Agentic Era: Introducing Astrix’s AI Agent Control Plane  – The Hacker News” »

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that … Read More “Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack  – The Hacker News” »