AttackFeed by Joe Wagner

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed  … Read More “Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure  – The Hacker News” »

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting … Read More “How AI Assistants are Moving the Security Goalposts  – Krebs on Security” »

A new phishing campaign is targeting thousands in the US by posing as the Social Security Administration. Learn how scammers use fake 2025/2026 tax statements and Datto RMM software to hijack computers and steal data, as shared with Hackread.com  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that’s designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. “It builds deep context … Read More “OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues  – The Hacker News” »

Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lists while maintaining full alert functionality.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and … Read More “Hackers Spread Fake Red Alert Rocket Alert App to Spy on Israeli Users  – Hackread – Cybersecurity News, Data Breaches, AI and More” »

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last … Read More “Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model  – The Hacker News” »

President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five … Read More “The long-awaited Trump cyber strategy has arrived  – CyberScoop” »

President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five … Read More “The long-awaited Trump cyber strategy has arrived  – CyberScoop” »

North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s long-running scheme to get remote technical workers hired at global companies for longer durations, Microsoft Threat Intelligence said in a report Friday.  AI services are empowering North Korean operatives across the attack lifecycle. Attackers have turned AI into a “force … Read More “Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI  – CyberScoop” »

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The post DHS CISO, deputy CISO exit amid reported IT leadership overhaul appeared first on CyberScoop.   – Read More  – CyberScoop 

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is … Read More “Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT  – The Hacker News” »

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a “high-volume, mediocre mass of implants” that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted … Read More “Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India  – The Hacker News” »

The House Energy and Commerce committee unanimously passed a package of bipartisan cybersecurity bills Thursday targeting the energy sector, including legislation that would reauthorize and fund a critical federal cybersecurity assistance program for rural electric utilities across the country. The Rural and Municipal Utility Cybersecurity Act, introduced by Reps. Mariannette Miller-Meeks, R-Iowa, and Jennifer McClellan, … Read More “Congress looks to revive critical cyber program for rural electric utilities  – CyberScoop” »

Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies’ networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It’s affiliated with … Read More “Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor  – The Hacker News” »

Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology … Read More “The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity  – The Hacker News” »

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It’s worth  … Read More “China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below – CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting  – Read More  – The Hacker … Read More “Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog  – The Hacker News” »

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the … Read More “Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer  – The Hacker News” »

Hidden cyber risks in remote work include insecure home Wi-Fi, phishing attacks, and data exposure, leaving businesses and employees vulnerable to breaches.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Bitdefender research reveals Pakistani group APT36 is using AI-generated vibeware and trusted cloud services like Google Sheets to target Indian officials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to … Read More “FBI targeted with ‘suspicious’ activity on its networks  – CyberScoop” »

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Discover the best next-gen endpoint protection platforms in 2026, built to detect modern threats, stop credential abuse, and secure enterprise devices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Department of Health and Human Services unveiled a tool Thursday to help health care facilities assess their cybersecurity risks, elevating the emphasis on those threats to the kind produced by weather conditions and other dangers. The assistance from HHS’s Administration for Strategic Preparedness and Response (ASPR) comes in the form of an update to … Read More “HHS updates a free risk tool to help hospitals size up their cybersecurity exposure  – CyberScoop” »

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Hydrolix expert Tom Howe explains how AI bots impact ecommerce, how to spot good vs malicious bots, and why blocking them can hurt sales.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He … Read More “Phobos ransomware leader pleads guilty, faces up to 20 years in prison  – CyberScoop” »

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file … Read More “Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities  – The Hacker News” »

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file … Read More “Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities  – The Hacker News” »

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices. The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC) … Read More “Cisco reveals 2 max-severity defects in firewall management software  – CyberScoop” »

Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data … Read More “Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders  – The Hacker News” »

Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of … Read More “ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More  – The Hacker News” »

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the … Read More “Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning … Read More “APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine  – The Hacker News” »

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, … Read More “Where Multi-Factor Authentication Stops and Credential Abuse Starts  – The Hacker News” »