AttackFeed Cybersecurity News

CISA Adds Five Known Exploited Vulnerabilities to Catalog  – All CISA Advisories

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability
CVE-2025-32701 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
CVE-2025-32706 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability
CVE-2025-32709 Microsoft...

Federal prosecutors extradite alleged leader of BlackDB.cc cybercrime marketplace  – CyberScoop

Liridon Masurica, the alleged lead administrator of cybercrime marketplace BlackDB.cc, was extradited to the United States on Friday and faces charges that carry a maximum penalty of 55 years in federal prison, the Justice Department said Tuesday. Masurica, 33, who is also known as “@blackdb,” was arrested by authorities in Kosovo on Dec. 12. He made his initial appearance in...

The May 2025 Security Update Review  – Zero Day Initiative – Blog

It’s the second Tuesday of the month, and the final patch Tuesday before Pwn2Own Berlin. I know several contestants are sweating it out and hoping their entries are patched out. While they quiver with anticipation, take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the...

Hitachi Energy Relion 670/650/SAM600-IO Series  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability can allow an attacker to reboot the device and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports...

ABB Automation Builder  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overrule the Automation Builder’s user management. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Automation Builder are affected: Automation Builder: All...

Hitachi Energy MACH GWS Products  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname to a Restricted Directory, Authentication Bypass by Capture-replay, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

Hitachi Energy Service Suite  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Integer Overflow or Wraparound, Out-of-bounds Write, Allocation of Resources Without Limits or Throttling, Exposure of Sensitive Information to an Unauthorized Actor, Memory Allocation with Excessive Size Value,...

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads  – The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first...

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide  – The Hacker News

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign...

Wide-ranging Apple security update addresses over 30 vulnerabilities  – CyberScoop

Apple rolled out a series of substantial security updates Monday for its major software platforms, with advisories covering iOS, iPadOS, and two versions of macOS lines, addressing more than 30 vulnerabilities in total.  Among the numerous fixes, iOS 18.5 and iPadOS 18.5 introduce the first security update for Apple’s in-house C1 modem, featured in the newly released iPhone 16e. The...

State and local election officials plead with Congress for election security funding  – CyberScoop

As the Trump administration takes a hatchet to the federal government’s election security work and attempts to place conditions on funding to states, state and local election officials are pleading with lawmakers to provide robust support they say is crucial to keeping American elections secure. In a letter sent to leaders on the House and Senate Appropriations committees this week,...

North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress  – The Hacker News

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical targeting...

Deepfake Defense in the Age of AI  – The Hacker News

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person on the...

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency  – The Hacker News

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands,” officials said in a statement Monday. In conjunction with the...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers  – The Hacker News

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. “These exploits have resulted in a collection of related user data from targets in Iraq,” the Microsoft Threat Intelligence team said. “The targets of the attack are associated with the Kurdish ...

US seizes Anyproxy, 5socks botnets and indicts alleged administrators  – CyberScoop

Federal authorities seized two domains and indicted four foreign individuals for alleged involvement in a long-running botnet service that infected older wireless internet routers, the Justice Department said Friday.  The malware created for the botnet allowed infected routers to be reconfigured, which granted unauthorized access to third parties and made the routers available for sale as proxy servers on Anyproxy.net...

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files  – The Hacker News

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a...

Update to How CISA Shares Cyber-Related Alerts and Notifications  – All CISA Advisories

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms, email, and RSS feeds and will no longer be listed on our Cybersecurity Alerts & Advisories webpage.   The focus of our Cybersecurity Alerts & Advisories webpage will now be on urgent information...

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams  – The Hacker News

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s...

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That  – The Hacker News

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack...

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures  – The Hacker News

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,”...

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution with no additional execution privileges needed. Android is an operating system developed by Google for mobile devices, such as smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the...

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data  – The Hacker News

Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure linked to the eXch cryptocurrency exchange and shut it down over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets...

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection  – The Hacker News

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid...

AttackFeed by Joe Wagner