AttackFeed by Joe Wagner

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. “CountLoader is being used either as part of an Initial Access Broker’s (IAB) toolset or by a … Read More “CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader  – The Hacker News” »

Palo Alto, California, 18th September 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In the current cycle, Bitcoin has anchored most of the capital inflow. In 2025, 66% of investors selected…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate … Read More “How CISOs Can Drive Effective AI Governance  – The Hacker News” »

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. “SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts  – Read … Read More “SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers  – The Hacker News” »

Infoblox links Vane Viper to PropellerAds, exposing a global malvertising network posing as adtech while spreading malware and running online scams.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Conor Brian Fitzpatrick, the creator of the notorious BreachForums hacking forum, has been resentenced to three years in prison after a US appeals court overturned his prior sentence of time served and 20 years of supervised release. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe … Read More “Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions  – The Hacker News” »

When “bad actors” stop being hackers and start being… actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for a serious film. We unpack why positive … Read More “Smashing Security podcast #435: Lights! Camera! Hacktion!  – Graham Cluley” »

SonicWall said it confirmed an attack on its MySonicWall.com platform that exposed customers’ firewall configuration files — the latest in a steady stream of security weaknesses impacting the besieged vendor and its customers. The company’s security teams began investigating suspicious activity and validated the attack “in the past few days,” Bret Fitzgerald, senior director of … Read More “Attack on SonicWall’s cloud portal exposes customers’ firewall configurations  – CyberScoop” »

New research reveals Raven Stealer malware that targets browsers like Chrome and Edge to steal personal data. Learn how this threat uses simple tricks like process hollowing to evade antiviruses and why it’s a growing risk for everyday users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. “The threat actors continue … Read More “TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks  – The Hacker News” »

Waltham, United States, 17th September 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Conor Brian Fitzpatrick, the founder of the hacking forum BreachForums, has been resentenced to three years in prison…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. “In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well … Read More “Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts  – The Hacker News” »

Microsoft’s Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company’s encryption overnight, exposing your most sensitive data, rendering much of it … Read More “From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience  – The Hacker News” »

Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption … Read More “Rethinking AI Data Security: A Buyer’s Guide   – The Hacker News” »

Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.” Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by … Read More “Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, … Read More “DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM  – The Hacker News” »

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. “Using a court order granted by the Southern … Read More “RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains  – The Hacker News” »

Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday.  The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials … Read More “Microsoft seizes hundreds of phishing sites tied to massive credential theft operation  – CyberScoop” »

Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A man who pleaded guilty in 2023 for charges related to his work as founder and operator of the notorious BreachForums website was resentenced Tuesday to three years in prison after having his initial sentence overturned in January. Conor Brian Fitzpatrick, 22, operated BreachForums — once regarded as the largest English-language cybercrime marketplace — under … Read More “BreachForums founder resentenced to three years in prison  – CyberScoop” »

Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform  – Read More  – The … Read More “Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover  – The Hacker News” »