AttackFeed by Joe Wagner

Microsoft Threat Intelligence detected a new AI-powered phishing campaign using LLMs to hide malicious code inside SVG files disguised as business dashboards.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions – VMware … Read More “Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024  – The Hacker News” »

The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is … Read More “Stop Alert Chaos: Context Is the Key to Effective Incident Response  – The Hacker News” »

Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it’s also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server. “With graph-based context, … Read More “Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake  – The Hacker News” »

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. “They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud  – Read More  – The Hacker News 

Two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who are said to have been recruited as “disposable agents” via Telegram, were reportedly arrested last week “on suspicion that are linked to government-sponsored interference.” Read more in my article on the Hot for Security blog.  – Read … Read More “Dutch teens recruited on Telegram, accused of Russia-backed hacking plot  – Graham Cluley” »

Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting “active senior  – Read … Read More “New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events  – The Hacker News” »

As more businesses rely on digital documents today, effective large file management has also become necessary. PDFs are…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the … Read More “U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust  – The Hacker News” »

The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also  – … Read More “Evolving Enterprise Defense to Secure the Modern AI Supply Chain  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior … Read More “CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems  – The Hacker News” »

The Department of Homeland Security estimated over the weekend that it would send home about two-thirds of employees at the Cybersecurity and Infrastructure Security Agency in the event of a government shutdown. It’s the first time that the second Trump administration has released its contingency plan in response to what would happen if Congress doesn’t … Read More “Two-thirds of CISA personnel could be sent home under shutdown  – CyberScoop” »

Dutch authorities arrest two teens recruited by pro-Russian hackers for spying missions. Learn how Russia is using disposable agents for sabotage across Europe.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed “Operation Contender 3.0” targeted criminal networks that facilitated romance scams and sextortion, officials said.  Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500 victims. Authorities … Read More “Interpol operation disrupts romance scam and sextortion networks in Africa  – CyberScoop” »

Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.  … Read More “EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations  – The Hacker News” »

Luxury retailer Harrods confirms 430,000 customer records (names, contacts) were stolen from a third-party provider in the latest UK retail cyberattack wave.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you … Read More “⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More  – The Hacker News” »

As the digital asset market matures and regulators worldwide work to set clear standards, one fact has become…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can  … Read More “The State of AI in the SOC 2025 – Insights from Recent Study   – The Hacker News” »

A critical, longstanding piece of America’s cybersecurity infrastructure is perilously close to vanishing overnight.  On Tuesday, the Cybersecurity Information Sharing Act (CISA) expires — and with it, the legal protections that enable countless organizations to share threat intelligence with the federal government. Without swift congressional action, we risk dismantling years of progress in collaborative cyber … Read More “Expired protections, exposed networks: The stakes of CISA’s sunset  – CyberScoop” »

Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called “postmark-mcp” that copied an official Postmark Labs library of … Read More “First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package  – The Hacker News” »

Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. “Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and … Read More “Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security  – The Hacker News” »

Singapore, Singapore, 29th September 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

WhatsApp has become one of the most popular applications, with over 2 billion individuals using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy way for cyber criminals to target unsuspecting individuals. Since the app is used for friendly methods, many assume that contact via WhatsApp can be trusted. It can’t … Read More “WhatsApp Scams: The Latest Way Criminals Attack  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU). “The new variant’s features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, … Read More “China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks  – The Hacker News” »

Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat.  – Read More  – Hackread – Latest Cybersecurity, Hacking … Read More “Hackers Use Fake Invoices to Spread XWorm RAT via Office Files  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto” »

The United Nations is making a push to more directly influence global policy on artificial intelligence, including the promotion of policymaking and technical standards around “safe, secure and trustworthy” AI.  Last month, the world body finalized plans to create a new expert panel focused on developing scientific, technical and policy standards for the emerging technology. … Read More “UN seeks to build consensus on ‘safe, secure and trustworthy’ AI  – CyberScoop” »

Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared … Read More “Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam  – The Hacker News” »

FortiGuard Labs exposes a high-severity phishing campaign impersonating the National Police of Ukraine to deliver Amatera Stealer (data theft) and PureMiner (cryptojacking) to Windows PCs.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Threat intelligence professionals have a sense of foreboding about a maximum-severity vulnerability Forta disclosed last week in its file-transfer service GoAnywhere MFT, as they steel themselves for active exploitation and signs of compromise. Forta has not declared the defect actively exploited and did not answer questions to that effect from CyberScoop. Yet, researchers at watchTowr … Read More “Worries mount over max-severity GoAnywhere defect  – CyberScoop” »

The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new “lightweight” malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a  … Read More “New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks  – The Hacker News” »