AttackFeed by Joe Wagner

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized … Read More “Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks  – The Hacker News” »

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the  … Read More “The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations  – The Hacker News” »

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted … Read More “⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More  – The Hacker News” »

Sixty million school children’s personal information exposed. Thousands of flights canceled. A venerated retailer brought to its knees. Dire warnings from public officials about urgent threats to our national security. This isn’t speculative fiction. These are all real incidents that have happened in the last year. The stakes in cyberspace are high and growing, especially … Read More “Don’t let Congress punt on cyber insurance reform  – CyberScoop” »

Check Point Research exposed a sophisticated, role-based operation called the YouTube Ghost Network, distributing dangerous Lumma and Rhadamanthys Infostealer malware. Learn how cybercriminals use hijacked channels and bots to triple malicious video output and steal user credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment  – Read … Read More “Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data  – The Hacker News” »

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained … Read More “New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea  – The Hacker News” »

The software revolution has redefined what’s possible in global business. Complex applications underpin e-commerce, healthcare, finance, transportation, and…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of … Read More “Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody  – Krebs on Security” »

When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers win Follow our Australia news live blog for latest updates Get our breaking news email, free app or daily news podcast It’s become the playbook for big Australian companies that have customer data stolen … Read More “Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed  – Data and computer security | The Guardian” »

New intelligence on Hezi Rash: See how the Kurdish group launched 350+ DDoS attacks and used DaaS platforms like EliteStress to lower entry barriers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create … Read More “ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability  – The Hacker News” »

Federal law enforcement said a leader of 764, a violent extremist group, has been in federal custody since he was arrested in December and faces 29 charges for running a loose-knit collective involved in child exploitation, cyberstalking, kidnapping, animal torture, wire fraud and murder. Baron Cain Martin, 21, of Tucson, Arizona, allegedly joined the child … Read More “Alleged 764 leader arrested in Arizona, faces life in prison  – CyberScoop” »

Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A 43-year-old Ukrainian national allegedly involved in the Conti ransomware group pleaded not guilty in federal court Thursday to cybercrime charges that could land him in prison for up to 25 years, according to court documents. Oleksii Oleksiyovych Lytvynenko, also known as Alexsey Alexseevich Litvinenko, was arrested in Ireland in July 2023, extradited to the … Read More “Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail  – CyberScoop” »

OpenAI has announced the launch of an “agentic security researcher” that’s powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and … Read More “OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically  – The Hacker News” »

Are you experiencing performance issues with your Outlook data (PST and OST) in the Outlook environment? Common problems…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation. “Airstalk misuses the AirWatch API … Read More “Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack  – The Hacker News” »

Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this … Read More “China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems  – The Hacker News” »

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf … Read More “China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats  – The Hacker News” »

Ukrainian man accused of helping run Conti ransomware extradited from Ireland to the U.S. to face charges over global cyberattacks and $150M in ransom payments.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance  – Read More  – The … Read More “The MSP Cybersecurity Readiness Guide: Turning Security into Growth  – The Hacker News” »

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security.  Their battlefield of choice is cyberspace. Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data––they impact the resilience of our communities, the … Read More “Government and industry must work together to secure America’s cyber future  – CyberScoop” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. “By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security  – Read More  – The Hacker News 

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both … Read More “Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to … Read More “CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks  – The Hacker News” »

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing … Read More “A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do  – The Hacker News” »

A new security-focused AI model released Thursday by OpenAI aims to automate bug hunting, patching and remediation. The model, powered by ChatGPT-5 and given the name Aardvark, has been used internally at OpenAI and among external partners. Currently offered in an invite-only Beta, it’s designed to continuously scan source code repositories to find known vulnerabilities … Read More “OpenAI releases ‘Aardvark’ security and patching model   – CyberScoop” »

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity experts from multiple federal agencies released guidance to help organizations bolster their defenses against attacks on on-premises Microsoft Exchange Servers, resurfacing and building upon previously shared advice that generally applies to most technology. The Cybersecurity and Infrastructure Security Agency said the security blueprint for Microsoft Exchange Server is a follow-up effort to an emergency … Read More “CISA, NSA offer guidance to better protect Microsoft Exchange Servers  – CyberScoop” »

A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. “It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations … Read More “New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL  – The Hacker News” »

A landmark program that offers scholarships in exchange for federal service is threatening to saddle students with hundreds of thousands of dollars worth of debt amid hiring freezes and budget cuts, raising questions about the future of an initiative proponents say has helped close the government’s cyber workforce gap. Some CyberCorps: Scholarship for Service participants … Read More “Cyber scholarship-for-service students say government has pulled rug on them, potentially burdening them with debt  – CyberScoop” »

ZÜRICH, Switzerland – Flowable, a global provider of enterprise automation and orchestration software, has been recognized in the…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A nonprofit government watchdog group is suing the Department of Homeland Security, alleging that department officials have delayed and denied legitimate public information requests regarding  the hiring of Heather Honey. Honey was hired by DHS earlier this year and given the title “Deputy Assistant Secretary for Elections Integrity,” a change from past administrations, which have … Read More “Government watchdog sues DHS over election official’s records  – CyberScoop” »

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in … Read More “Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks  – The Hacker News” »

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing … Read More “Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month  – The Hacker News” »

Can data leaks do real harm? Yes, they can. And so can a failure to respond appropriately.  – Read More  – Graham Cluley 

The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country – many of whom were already struggling with debt. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley