Posted by Michał Majchrowicz via Fulldisclosure on Jun 03 Security Advisory Vulnerabilities reported to vendor: March 13, 2025 Vendor requested additional information: March 20, 2025 Additional information provided to vendor: March 22, 2025 Vendor confirmed the reported issues but rejected them: March 31, 2025 Additional information provided to vendor: May 6, 2025 Vendor confirmed … Read More “Multiple Vulnerabilities in SAP GuiXT Scripting – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS in “Description” Functionality – cubecartv6.5.9 # Date: 05/2025 # Exploit Author: Andrey Stoykov # Version: 6.5.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS #1: Steps to Reproduce: 1. Visit “Account” > “Address Book” and choose “Edit” 2. In the … Read More “Stored XSS in “Description” Functionality – cubecartv6.5.9 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Authenticated File Upload to RCE – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE #1: Steps to Reproduce: 1. Login as admin user and visit “System” > … Read More “Authenticated File Upload to RCE – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS “Send Message” Functionality – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS “Send Message” Functionality #1: Steps to Reproduce: 1. Login as normal user and visit “Profile” > … Read More “Stored XSS “Send Message” Functionality – adaptcmsv3.0.3 – Full Disclosure” »
CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety – Read More –
Europol targets extremist online content exploiting minors, tackling rising use of AI, propaganda, and grooming across Europe’s digital platforms. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation – Read More –
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone. This coverage is extremely … Read More “Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization – The Hacker News” »
The recent funding crisis surrounding MITRE’s Common Vulnerabilities and Exposures (CVE) program was more than just a bureaucratic hiccup — it was a wake-up call for an industry that has relied on CVEs for years to identify, categorize, and prioritize vulnerabilities. Out of the blue, we discovered the foundation was suddenly at risk. Worse still, we had a … Read More “Future-ready cybersecurity: Lessons from the MITRE CVE crisis – CyberScoop” »
Cynthia Kaiser, a former top FBI cyber official, is joining the cybersecurity firm Halcyon this week as senior vice president of its newly created ransomware research center. Kaiser left the FBI last week after 20 years, serving most recently as deputy assistant director leading the bureau’s cyber policy, intelligence and engagement branch and eight years … Read More “Top FBI cyber official Cynthia Kaiser exits for Halcyon – CyberScoop” »
Abnormal AI found that engagement rates with VEC attacks globally are “worrisomely high”, overtaking BEC in the EMEA region – Read More –
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the … Read More “Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets – The Hacker News” »
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. “By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate … Read More “Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion – The Hacker News” »
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.” The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update … Read More “Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues – The Hacker News” »
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025 – Read More –
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out … Read More “New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch – The Hacker News” »
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Litecoin (LTC), often called the “silver to Bitcoin’s gold,” has long been popular for its speed, lower transaction… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-32030 ASUS Routers Improper Authentication Vulnerability CVE-2023-39780 ASUS RT-AX55 Routers OS Command Injection Vulnerability CVE-2024-56145 Craft CMS Code Injection Vulnerability CVE-2025-3935 ConnectWise ScreenConnect Improper Authentication Vulnerability CVE-2025-35939 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability These types of vulnerabilities are … Read More “CISA Adds Five Known Exploited Vulnerabilities to Catalog – All CISA Advisories” »
The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows – CVE-2024-13915 (CVSS score: 6.9) – A pre-installed “com.pri.factorytest” application on … Read More “Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN – The Hacker News” »
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations … Read More “Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub – The Hacker News” »
The fiscal 2026 budget proposal President Donald Trump unveiled last week would make deep cuts to the Cybersecurity and Infrastructure Security Agency workforce, with a goal of eliminating 1,083 positions and chopping its budget by $495 million, to $2.4 billion. That’s a slightly deeper total cut than an earlier budget outline forecast. And a new … Read More “Trump budget proposal would slash more than 1,000 CISA jobs – CyberScoop” »
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below – CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities … Read More “Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU – The Hacker News” »
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers – Read More –
Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Iranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft – Read More –
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets – Read More –
Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025 – Read More –
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what … Read More “⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More – The Hacker News” »
A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer – Read More –
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it … Read More “The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats – The Hacker News” »
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline – Read More –
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions – The Hacker News
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. “In what appears to be a multi-stage phishing operation, the … Read More “Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions – The Hacker News” »
As more businesses face pressure to do more with fewer resources, automation platforms like Flowable are becoming central… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Posted by Ron E on May 27 An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter, which allows low-privileged users to inject arbitrary SQL expressions directly into the SELECT clause. Sample Structured Query Language Injection: … Read More “Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework – Full Disclosure” »
Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. … Read More “New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora – The Hacker News” »
A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected by security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server that facilitated the crypting service on … Read More “U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation – The Hacker News” »
AVCheck, a large-scale service that cybercriminals use to check if their malware can be detected by various antivirus tools, was seized and taken offline Tuesday by a globally coordinated law enforcement action. Officials on Thursday said they seized four domains and a server associated with the online software crypting syndicate. The site for the counter … Read More “Top counter antivirus service disrupted in global takedown – CyberScoop” »
The FBI on Thursday arrested a Defense Intelligence Agency employee working in the Insider Threat Division unit with top secret security clearance for allegedly attempting to provide classified information to a foreign government, the Justice Department said. Nathan Vilas Laatsch, 28, of Alexandria, Va., was arrested after a monthslong investigation following a tip the FBI … Read More “US intelligence employee arrested for alleged double-dealing of classified info – CyberScoop” »
Four senators asked Department of Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board, citing the need to investigate a landmark breach of telecommunications networks by Chinese hackers known as Salt Typhoon. In a letter Thursday, the senators also said the board has conducted important oversight of other incidents before DHS removed … Read More “Four Senate Democrats call on DHS to reinstate Cyber Safety Review Board membership – CyberScoop” »
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. “This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as … Read More “New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data – The Hacker News” »
The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities – Read More –
Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources – Read More –