AttackFeed by Joe Wagner

The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This … Read More “AI Agents: The Next Wave Identity Dark Matter – Powerful, Invisible, and Unmanaged  – The Hacker News” »

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described  – Read More  … Read More “Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets  – The Hacker News” »

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as … Read More “SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains  – The Hacker News” »

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. “Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an … Read More “Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited  – The Hacker News” »

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as … Read More “SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains  – The Hacker News” »

Hackers took over Iran’s BadeSaba Calendar prayer app, sending “Help Is on the Way” alerts and messages urging soldiers to lay down weapons.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Google disclosed one actively exploited zero-day vulnerability Monday, warning that the high-severity defect affecting an open-source Qualcomm display component for Android devices “may be under limited, targeted exploitation.” The memory-corruption vulnerability — CVE-2026-21385 — which Google’s Android security team reported to Qualcomm Dec. 18, affects 234 chipsets, Qualcomm said in a security bulletin. Qualcomm said … Read More “Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities  – CyberScoop” »

The FBI’s cyber chief is prioritizing preparation for stepped-up Chinese threats, enhanced confrontation of adversaries in cyberspace and quicker intelligence sharing with industry as the bureau enters the second and final month of a unique cybersecurity awareness campaign. Brett Leatherman, who took over as assistant director of the FBI’s cyber division last summer, listed those … Read More “The FBI’s cyber chief is using Winter SHIELD to accelerate China prep, threat intelligence sharing  – CyberScoop” »

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure … Read More “Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome  – The Hacker News” »

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched … Read More “New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel  – The Hacker News” »

Torrance, United States / California, 2nd March 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything … Read More “⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More  – The Hacker News” »

Major Pakistani TV channels, including Geo News and ARY News, were hit by a coordinated cyberattack on 1 March 2026. Hackers took control of live satellite feeds to display unauthorised messages. Read more about the breach, the regional impact, and the reported counter-cyber response.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI … Read More “Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages  – Hackread – Cybersecurity News, Data Breaches, AI and More” »

Learn how agentic AI changes system behavior in production environments through supervised fine-tuning, structured oversight, and lifecycle governance to improve reliability, manage risk, and support accountable deployment.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated … Read More “How to Protect Your SaaS from Bot Attacks with SafeLine WAF  – The Hacker News” »

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. “Protection mechanism failure in MSHTML Framework allows an unauthorized  – … Read More “APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday  – The Hacker News” »

While competing for medals and glory in Milan, Italy, U.S. Olympic athletes experienced something that is fast becoming a regular feature of modern public life: the widespread use of AI tools by politicians, trolls and sexual harassers to manipulate their images and voices Users on 4chan and other sites quickly generated and shared “nudified” or … Read More “From fake nudes to fake quotes: AI deepfakes plagued Olympic athletes  – CyberScoop” »

For years, cyberattacks followed a familiar pattern: reconnaissance, exploitation, persistence, impact. Defenders built their strategies around that cycle, patching vulnerabilities, monitoring indicators, and working to reduce dwell time. But a quieter shift is underway. Today’s most sophisticated adversaries are using AI to study how organizations defend themselves. They run what we call “silent probing campaigns:” … Read More “How ‘silent probing’ can make your security playbook a liability  – CyberScoop” »

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. … Read More “DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams  – The Hacker News” »

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead … Read More “North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT  – The Hacker News” »

Fake Xeno and Roblox gaming tools are spreading a Windows RAT (remote access trojan) using PowerShell and LOLBins, Microsoft Threat Intelligence warns.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly … Read More “ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket  – The Hacker News” »

Stop the 75% failure rate. Learn which device vulnerabilities stall deployments and the exact fixes that get IoT projects to production.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks … Read More “Who is the Kimwolf Botmaster “Dort”?  – Krebs on Security” »

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix “AIza”) embedded in client-side code to provide Google-related … Read More “Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement  – The Hacker News” »

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance … Read More “Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute  – The Hacker News” »

ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Is your AI assistant safe? Oasis Security researchers have found a critical ClawJacked vulnerability in OpenClaw that allows hackers to hijack AI agents through a simple browser tab.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. … Read More “900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks  – The Hacker News” »

Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password  – Read More  – The Hacker … Read More “Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor  – The Hacker News” »

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves … Read More “ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks  – The Hacker News” »

Guide to the SpaceX IPO date, company profile, pricing method, risks, and how investors can prepare to buy shares when the company goes public soon.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). “A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. … Read More “Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms  – The Hacker News” »