AttackFeed by Joe Wagner

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence … Read More “⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More  – The Hacker News” »

Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year’s findings … Read More “The State of Secrets Sprawl 2026: 9 Takeaways for CISOs  – The Hacker News” »

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling  – Read More  … Read More “Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels  – The Hacker News” »

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL  … Read More “Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign  – The Hacker News” »

ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel “will now find … Read More “Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack  – The Hacker News” »

Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per  – Read … Read More “Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug  – The Hacker News” »

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community … Read More “TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. … Read More “CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation  – The Hacker News” »

Iran-linked Handala hackers breached FBI Chief Kash Patel’s Gmail, leaking photos and documents. Officials say no classified data was exposed.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this … Read More “Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits  – The Hacker News” »

Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email. The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible. “All personal and confidential email … Read More “Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data  – CyberScoop” »

Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a … Read More “TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files  – The Hacker News” »

SAN FRANCISCO — Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about … Read More “Security leaders say the next two years are going to be ‘insane’  – CyberScoop” »

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. “The pipeline had a single boolean return value that meant both ‘no scanners are … Read More “Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks  – The Hacker News” »

Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed. A letter … Read More “Almost half a million Lloyds customers had personal data exposed in IT glitch  – Data and computer security | The Guardian” »

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically … Read More “AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion  – The Hacker News” »

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and prosperity that much of the world has … Read More “We Are At War  – The Hacker News” »

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. “Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon … Read More “Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware  – The Hacker News” »

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of  – Read More  – The … Read More “LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks  – The Hacker News” »

ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A year-long effort to strengthen cybersecurity and modernize tech at U.S. intelligence agencies has led to policy standards for using AI to bolster cyber defenses, a shared repository of all apps that have undergone a cybersecurity review and more, the Office of the Director of National Intelligence announced Thursday. An unclassified summary of cyber and … Read More “ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review  – CyberScoop” »

The Federal Communications Commission is moving to crack down on illegal robocalls and the use of foreign call centers. At a meeting Thursday, the three-member commission unanimously approved a new proposed regulation to increase certification and disclosure requirements for obtaining phone numbers, while also expanding those same requirements to all providers seeking phone numbers from … Read More “FCC pushes new rules to crack down on robocallers, foreign call centers  – CyberScoop” »

Enterprise AI security solutions in 2026, compare Check Point, Palo Alto, CrowdStrike, Fortinet, and Zscaler across cloud, endpoint, and network.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More