AttackFeed by Joe Wagner

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. “This … Read More “Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware  – The Hacker News” »

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI … Read More “ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More  – The Hacker News” »

Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed … Read More “Automating Pentest Delivery: 7 Key Workflows for Maximum Impact  – The Hacker News” »

Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging ‘living off the land’ tactics, and a unique Anti-Virus check to deliver a custom payload  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that … Read More “How to Close Threat Detection Gaps: Your SOC’s Action Plan  – The Hacker News” »

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the … Read More “Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro  – The Hacker News” »

Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite, according to researchers who spoke with CyberScoop.  Researchers haven’t confirmed the veracity of Clop’s claimed data theft, but multiple investigations into Oracle environments belonging to organizations … Read More “Oracle customers being bombarded with emails claiming widespread data theft  – CyberScoop” »

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communicationss still default to “we take security seriously” while quietly implying “assume … Read More “Smashing Security podcast #437: Salesforce’s trusted domain of doom  – Graham Cluley” »

WestJet confirms a data breach starting June 13, 2025, stole passport/ID and personal data. Credit cards and passwords are safe. The airline offers 24 months of free identity monitoring, including $1M insurance.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel’s Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be … Read More “New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer  – The Hacker News” »

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Sen. Marsha Blackburn, R-Tenn., endorsed an aggressive effort by U.S. policymakers to help governments and businesses adapt to a future where quantum computers can break most standard forms of encryption. She also confirmed key details of a White House initiative on quantum technology previously reported by CyberScoop, while also promoting her own legislation on quantum … Read More “GOP senator confirms pending White House quantum push, touts legislative alternatives  – CyberScoop” »

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as … Read More “OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps  – The Hacker News” »

Zhimin Qian, the ‘Bitcoin Queen,’ pleads guilty in the UK after police seized over £5 billion in stolen crypto, the world’s largest crypto seizure. Details on the Ponzi scam and fight for the funds.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. … Read More “Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover  – The Hacker News” »

AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, “Workflow Clarity: Where AI Fits in Modern Automation,” with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed … Read More “How Leading Security Teams Blend AI + Human Workflows (Free Webinar)  – The Hacker News” »

Bitcoin was created with strong cryptography, based on mathematical problems so complex that even the most powerful computers…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router’s API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting … Read More “Hackers Exploit Milesight Routers to Send Phishing SMS to European Users  – The Hacker News” »

Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with … Read More “2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising  – The Hacker News” »

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of … Read More “New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones  – The Hacker News” »

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the … Read More “Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs  – The Hacker News” »

An elusive, persistent, newly confirmed China espionage group has hit almost 10 victims of geopolitical importance in the Middle East, Africa and Asia using specific tactics and extreme stealth to avoid detection, according to Palo Alto Networks’ Unit 42.  Phantom Taurus uses tools and a distinct homegrown set of malware and backdoors that sets them … Read More “Palo Alto Networks spots new China espionage group showcasing advanced skills  – CyberScoop” »

INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. “We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks,” researchers Jesse … Read More “$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections  – The Hacker News” »

A company affiliated with the Georgia Institute of Technology agreed to pay $875,000 to the U.S. government to settle a case involving allegations that it knowingly failed to meet cybersecurity requirements for obtaining Pentagon contracts, the Justice Department announced Tuesday. Two Georgia Tech whistleblowers who worked on the university’s cybersecurity team first filed suit in … Read More “DOJ, Georgia Tech affiliate company settle over alleged failure to meet DOD contract cyber requirements  – CyberScoop” »

The Cybersecurity and Infrastructure Security Agency doesn’t have any plans in place for continuing a threat information-sharing program should a 2015 law that laid the groundwork for its creation expire Wednesday, according to a new watchdog report. The inspector general report points to yet more potential complications for threat data exchanges between industry and the … Read More “Watchdog: Cyber threat information-sharing program’s future uncertain with expected expiration of 2015 law  – CyberScoop” »

Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. “Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations,” Palo Alto Networks Unit 42  – Read More  … Read More “Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware  – The Hacker News” »

Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A massive data breach at RemoteCOM exposed 14,000 personal files and police contacts from the SCOUT software. Learn what this aggressive spyware records, and the high risks for all involved parties.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto