More than a year’s worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially … Read More “Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles – The Hacker News” »
Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Meredith Whittaker, Signal’s CEO, has threatened to pull the company out of Sweden if a proposed government bill requiring encryption backdoors becomes law
As autonomous agents increasingly enter organizations, nation-state actors are turning to these AI-powered technologies to undermine our national security and critical infrastructures. As a result, today’s security teams need to be able to fight AI with AI, and understand the technology’s implications from both a defensive and offensive perspective. Similarly, our national defenses have to … Read More “CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution – CyberScoop” »
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing. “Although automslc, … Read More “Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads – The Hacker News” »
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries – The Hacker News
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT). The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is … Read More “CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries – The Hacker News” »
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques … Read More “Three Password Cracking Techniques and How to Defend Against Them – The Hacker News” »
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. “Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized … Read More “New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems – The Hacker News” »
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there … Read More “SOC 3.0 – The Evolution of the SOC and How AI is Empowering Human Talent – The Hacker News” »
A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services,… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
HaveIBeenPwned has added over 500 million new passwords and email addresses lifted via infostealers
IVF clinic Genea has confirmed that stolen patient data has been published online, with the Termite ransomware group appearing to be the perpetrators
Europe is hit hard as geopolitics drives increase in state-backed APT and hacktivist activity
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows – CVE-2024-49035 (CVSS score: 8.7) – An improper access control – … Read More “CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation – The Hacker News” »
Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Last week’s $1.46 billion Ethereum theft by North Korean-linked Lazarus Group has sent shockwaves through the cybercrime ecosystem, as it has not only joined the ranks of the largest known financial thefts in history but also demonstrated that the group’s skillset is presenting new challenges for defenders. In the wake of the theft, numerous experts … Read More “Crypto analysts stunned by Lazarus Group’s capabilities in $1.46B Bybit theft – CyberScoop” »
In today’s digital landscape, securing Aadhaar data is a top priority for organizations that rely on identity verification and… The post How to Choose the Right Aadhaar Data Vault Solution appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Expelling all members of an independent federal cybersecurity advisory panel as it was investigating Salt Typhoon was necessary due to previous leadership and the board “going in the wrong direction,” President Donald Trump’s nominee for deputy secretary of the Department of Homeland Security said Tuesday. Troy Edgar, who is serving as a senior adviser to … Read More “Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says – CyberScoop” »
Democrats on the House Oversight Committee say the Department of Government Efficiency (DOGE) is jeopardizing cybersecurity by publicly exposing entry points into U.S. government systems, and told the Trump administration it needs to provide information on department officials’ access. “Decades of efforts by both Republican and Democratic administrations, along with bipartisan collaboration in Congress, have … Read More “House Dems say DOGE is leaving publicly exposed entry points into government systems – CyberScoop” »
Kaspersky’s Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
CISA released two Industrial Control Systems (ICS) advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patient Monitor (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. … Read More “CISA Releases Two Industrial Control Systems Advisories – All CISA Advisories” »
Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed … Read More “Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware – The Hacker News” »
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that’s capable of infecting both Windows and Apple systems with an aim to … Read More “LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile – The Hacker News” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 755 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of PowerFlex 755, a motor application … Read More “Rockwell Automation PowerFlex 755 – All CISA Advisories” »
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto … Read More “CISA Adds Two Known Exploited Vulnerabilities to Catalog – All CISA Advisories” »
61% of hackers use new exploit code within 48 hours, ransomware remains top threat in 2024
Ghostwriter cyber-attack targets Ukrainian, Belarusian opposition using weaponized Excel documents
In episode 39 of the AI Fix, our hosts watch a drone and a robot dog shoot fireworks at each other, xAI launches Grok 3, Mark explains that AIs can design genomes now, a robot starts a punch up, Zuck becomes a mind reader, an AI cracks a ten-year science question in two days, and … Read More “The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere – Graham Cluley” »
Chinese Silver Fox APT exploits trojanized medical imaging software to spread ValleyRAT malware, posing a serious threat to… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Forescout observed the recently identified Chinese hacking group using medical imaging software applications to deliver malware
A serious security vulnerability has been found in popular stalkerware apps, exposing the sensitive personal information and communications of millions of people. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
ReliaQuest claims 80% of ransomware attacks now focus solely on exfiltrating data as it is faster
SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins
Cyberattacks against industrial organizations surged in 2024 as a glut of new threat actors increasingly targeted operational technology (OT) and industrial control systems (ICS), according to cybersecurity firm Dragos. According to a report released Tuesday, attacks on industrial organizations soared by 87% last year, while the number of ransomware groups impacting the OT/ICS space jumped … Read More “Dragos: Surge of new hacking groups enter ICS space as states collaborate with private actors – CyberScoop” »
Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. … Read More “Threat actors are increasingly trying to grind business to a halt – CyberScoop” »
Cary, NC, 25th February 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers are calling attention to an ongoing campaign that’s targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. “The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables – … Read More “GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets – The Hacker News” »
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice’s product suite to sidestep detection efforts and deliver the Gh0st RAT malware. “To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid,” Check … Read More “2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT – The Hacker News” »
The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a … Read More “5 Active Malware Campaigns in Q1 2025 – The Hacker News” »
New Hiya data finds 26% of UK consumers encountered a deepfake scam call in Q4 2024
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. “The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure,” Kaspersky ICS CERT said … Read More “FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services – The Hacker News” »
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting – Read … Read More “Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA – The Hacker News” »
A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Black Basta’s internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group’s operations, cybercrime experts told CyberScoop. Researchers sifting through Black Basta’s exposed communications found details about the group’s preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated … Read More “What defenders are learning from Black Basta’s leaked chat logs – CyberScoop” »
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware … Read More “New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer – The Hacker News” »
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts
A new information-stealing malware, ACRStealer, is leveraging legitimate platforms like Google Docs and Steam to carry out its… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
If you just want to read the contest rules, click here. Willkommen, meine Damen und Herren, zu unserem ersten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). While the Pwn2Own competition started in Vancouver in 2007, we always want to ensure we are reaching the right people with our choice of … Read More “Announce Pwn2Own Berlin and Introducing an AI Category – Zero Day Initiative – Blog” »