While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this … Read More “How to Improve Okta Security in Four Steps – The Hacker News” »
Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains – Read More –
An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet … Read More “Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets – The Hacker News” »
Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
It’s not just you. Seemingly everyone is getting those text messages that serve as a notification of an unpaid toll road violation. The past due is usually less than $25, but is often paired with threats of excessive penalties, suspended vehicle registrations and threats to report the fare to state motor vehicle agencies. None of … Read More “Who is sending those scammy text messages about unpaid tolls? – CyberScoop” »
Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions: Apache Tomcat 11.0.0-M1 to 11.0.2; Apache Tomcat 10.1.0-M1 to 10.1.34; Apache Tomcat 9.0.0-M1 to … Read More “Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure – The Hacker News” »
A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency, according to a court filing. The filing last week came in a case state attorneys general brought against President Donald Trump and Treasury Secretary Scott Bessent challenging DOGE access to … Read More “DOGE staffer violated security policies at Treasury Department, court filing shows – CyberScoop” »
Cloudflare introduces E2E post-quantum cryptography, enhancing security against quantum threats – Read More –
From March 17, Ofcom will enforce rules requiring tech platforms operating in the UK to remove illegal content, including child abuse material – Read More –
DarkAtlas researchers have uncovered a direct link between BlackLock and the Eldorado ransomware group, confirming a rebranded identity of the notorious threat actor – Read More –
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A bipartisan delegation of US Congresspeople and Senators has asked for the hearing between the UK government and Apple to be made public – Read More –
Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware.… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Amsterdam, Netherlands, 17th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions. That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy. “The features available in CSS allow attackers … Read More “Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions – The Hacker News” »
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on … Read More “Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year – The Hacker News” »
Internet security company Cloudflare, the world’s largest DDoS-mitigation service, plans to shift a sizable chunk of its traffic through post-quantum encrypted services over the next year. Approximately 35% of human-directed web traffic to Cloudflare’s network is currently protected through advanced encryption algorithms. These algorithms are theoretically designed to withstand attacks from significantly more powerful quantum … Read More “Cloudflare rolls out post-quantum encryption for enterprise users – CyberScoop” »
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings. “In just the past … Read More “SANS Institute Warns of Novel Cloud-Native Ransomware Attacks – The Hacker News” »
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More – The Hacker News
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source … Read More “⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More – The Hacker News” »
Action Fraud reported a spike in social media and email account hacks in 2024, resulting in losses of nearly £1m – Read More –
Common Good Cyber has released a new mapping database designed to help NGOs find the security tools they need – Read More –
Frankfurt am Main, Germany, 17th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It’s used to track and retrieve all … Read More “GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories – The Hacker News” »
Researchers warn that popular open source software package tj-actions has been compromised – Read More –
Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
The news can’t have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Did you know that 43% of cyberattacks target small businesses, yet only 14% are prepared to defend themselves?… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Data security is a growing concern in India, with Aadhaar data protection being a key aspect of safeguarding personal… The post Securing Aadhaar Data: The Role of Aadhaar Data Vault in Compliance appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
The US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Understanding Common Misconceptions Digital security is a growing concern, and many Apple users suspect their iPhones or MacBooks have been hacked. However, in most cases, these fears stem from new features, security alerts, or misinterpretations of system behaviour rather than actual cyberattacks. This article explores common reasons why people believe their Apple devices are compromised … Read More “Are your iPhone or MacBook hacked? – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. … Read More “Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – The Hacker News” »
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. ClickFix attacks mimic the … Read More “ClickFix: How to Infect Your PC in Three Easy Steps – Krebs on Security” »
Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution. Successful exploitation of the most severe vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, … Read More “MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR – Cyber Security Advisories – MS-ISAC” »
Symantec demonstrates OpenAI’s Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The attorney general for California announced this week a wide-ranging investigation into the way companies collect, process and use consumer location data. The investigation will include scrutiny of advertising networks, mobile app providers and data brokers whose practices may violate the California Consumer Privacy Act (CCPA), one of the strictest state privacy laws in the … Read More “California’s legal push on geolocation data collection must take aim at the right targets, privacy experts say – CyberScoop” »
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been … Read More “Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges – The Hacker News” »
Small water and wastewater utilities would get a boost to their cybersecurity defenses under a bipartisan Senate bill that a pair of lawmakers re-introduced Thursday. Sens. Catherine Cortez Masto, D-Nev., and Mike Rounds, R-S.D., are taking another swing at the Cybersecurity for Rural Water Systems Act after the legislation stalled out in the 118th Congress. … Read More “Water utilities would get cybersecurity boost under bipartisan Senate bill – CyberScoop” »
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol … Read More “GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging – The Hacker News” »
US authorities have extradited Rostislav Panev on charges of being a developer of the notorious LockBit ransomware – Read More –
New Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Protecting Data Across Industries: Best Practices for Compliance and Security – JISA Softech Pvt Ltd
Data is the backbone of modern enterprises, fueling strategic decisions, operational efficiencies, and customer experiences. However, as organizations increasingly… The post Protecting Data Across Industries: Best Practices for Compliance and Security appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no … Read More “Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right – The Hacker News” »
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware … Read More “Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom – The Hacker News” »