View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Leviton Equipment: AcquiSuite, Energy Monitoring Hub Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would execute in a client browser when accessed by a user, … Read More “Leviton AcquiSuite and Energy Monitoring Hub – All CISA Advisories” »
CISA released three Industrial Control Systems (ICS) advisories on July 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-198-01 Leviton AcquiSuite and Energy Monitoring Hub ICSMA-25-198-01 Panoramic Corporation Digital Imaging Software ICSA-24-191-05 Johnson Controls Inc. Software House C●CURE 9000 (Update B) CISA encourages users and administrators to … Read More “CISA Releases Three Industrial Control Systems Advisories – All CISA Advisories” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Panoramic Corporation Equipment: Digital Imaging Software Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Panoramic Corporation products are affected: … Read More “Panoramic Corporation Digital Imaging Software – All CISA Advisories” »
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution – Read More –
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. “The attacker leverages – … Read More “Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner – The Hacker News” »
In episode 426 of the “Smashing Security” podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigates how Grok went berserk, which didn’t stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your … Read More “Smashing Security podcast #426: Choo Choo Choose to ignore the vulnerability – Graham Cluley” »
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybercriminals are using AI cloaking tools to evade detection, disguising phishing and malware sites – Read More –
Chinese Salt Typhoon Infiltrated US National Guard Network for Months – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Department of Homeland Security memo confirms Chinese group Salt Typhoon extensively compromised a US National Guard network for nearly a year, stealing sensitive military and law enforcement data. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025 – The Hacker News
The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the – Read More … Read More “CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025 – The Hacker News” »
Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine – The Hacker News
An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies. The actions have led to the dismantling of a major part of the group’s central server infrastructure and more than … Read More “Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine – The Hacker News” »
Harmonic Security raises the alarm as one in 12 British and American employees uses Chinese GenAI tools – Read More –
Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments – Read More –
Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors – The Hacker News
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. “Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment – Read More … Read More “Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors – The Hacker News” »
There were 1732 publicly reported US data breaches in the first half of 2025, according to the latest ITRC report – Read More –
A Veeam survey found that 96% of financial services organizations believe their current levels of data resilience fall short of DORA compliance, citing major challenges – Read More –
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code – The Hacker News
Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was … Read More “Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code – The Hacker News” »
How Secure Is Online Fax: Privacy and Data Protection Standards – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Congress is set to revisit Stuxnet — the malware that wreaked havoc on Iran’s nuclear program 15 years ago — next week in the hopes that the pioneering attack can guide today’s critical infrastructure policy debate, CyberScoop has learned. The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a hearing July 22 … Read More “House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats – CyberScoop” »
An Armenian national is in federal custody and faces charges stemming from their alleged involvement in a spree of attacks in 2019 and 2020 involving Ryuk ransomware, the Justice Department said Wednesday. Karen Serobovich Vardanyan, 33, was extradited from Ukraine to the United States on June 18 and pleaded not guilty to the charges in … Read More “Ryuk ransomware operator extradited to US, faces five years in federal prison – CyberScoop” »
BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices – CyberScoop
A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a report released Wednesday. The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices … Read More “SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices – CyberScoop” »
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms – The Hacker News
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February … Read More “Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms – The Hacker News” »
Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters – CyberScoop
As the Department of Homeland Security seeks to transform a federal database for immigrant benefits into a supercharged database to search for noncitizen voters, a trio of Democratic senators are pressing the department for more information. Sens. Gary Peters, D-Mich., Alex Padilla, D-Calif., and Jeff Merkley, D-Ore., wrote to Homeland Security Secretary Kristi Noem on … Read More “Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters – CyberScoop” »
Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation – CyberScoop
An international law enforcement operation conducted this week targeted the members of and infrastructure used by NoName057(16), a pro-Russian hacktivist group that has conducted distributed denial-of-service (DDoS) attacks across Europe since early 2022. Operation Eastwood disrupted over 100 servers worldwide and resulted in two arrests, seven international arrest warrants, and 24 house searches across multiple … Read More “Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation – CyberScoop” »
A new malware campaign targeting Hong Kong finance has been identified, featuring SquidLoader to deploy Cobalt Strike Beacon – Read More –
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader – Graham Cluley
Police have struck a blow against the DiskStation ransomware gang, which targets Synology NAS devices, and arrested its suspected ringleader. Make sure that you have properly hardened the security of your Network Access Storage devices to reduce the chances of your data being locked up by a ransomware attack. Read more in my article on … Read More “Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader – Graham Cluley” »
A data breach at Episource has exposed the personal information of 5.4 million individuals after attackers accessed systems for 10 days – Read More –
A Europol-coordinated operation has taken down key infrastructure used by pro-Russian hacktivist group NoName057(16) and led to a number of arrests – Read More –
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit – The Hacker News
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks … Read More “UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit – The Hacker News” »
Cut Response Time with This Free, Powerful Threat Intelligence Service – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Data-Driven Marketing in 2025: Navigating Risks, Ethics and Compliance Management – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The modern marketing stack and every effective marketing platform runs on data. From ad campaigns to user journeys,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Episource breach exposed data of 5.4M patients across the US. Linked to UnitedHealth’s Optum, the health tech firm was hit by a ransomware attack in early 2025. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
BlackFog found that publicly disclosed ransomware attacks on retail grew significantly in Q2 compared to Q1, with UK firms heavily targeted – Read More –
The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycle. Enterprises are: Deploying … Read More “AI Agents Act Like Employees With Root Access—Here’s How to Regain Control – The Hacker News” »
Ex US Soldier Cameron Wagenius Guilty in Telecom Hacking and Extortion – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Former US Army soldier Cameron Wagenius pleads guilty to hacking telecom companies and extorting $1 million+ using cybercrime forums like BreachForums and XSS. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access – The Hacker News
Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. “The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely,” Semperis said in a report shared … Read More “Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access – The Hacker News” »
Comment Now: Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments – News and Events Feed by Topic
The NIST National Cybersecurity Center of Excellence has developed the draft two-pager NIST Special Publication (SP) 1334, Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments. The cybersecurity considerations in this two – Read More – News and Events Feed by Topic
Cloudflare highlighted a huge rise in hyper-volumetric DDoS attacks in Q2 2025, with attackers seeking to overwhelm defenses – Read More –
CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack – Read More –
Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time – The Hacker News
Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized. It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. … Read More “Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time – The Hacker News” »
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code – The Hacker News
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign “decoy” app that’s hosted on the Google Play … Read More “New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code – The Hacker News” »
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild – The Hacker News
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components. “Insufficient … Read More “Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild – The Hacker News” »
The Co-op is teaming up with The Hacking Games to inspire pathways into ethical cybersecurity careers – Read More –
Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act – The Hacker News
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by … Read More “Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act – The Hacker News” »
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others – CyberScoop
A 21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T. Cameron John Wagenius, who identified himself as “kiberphant0m” and “cyb3rph4nt0m” on online criminal forums, conducted extensive malicious activity for years, including while he was on active duty, the Justice … Read More “Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others – CyberScoop” »
Former White House national security adviser Mike Waltz brushed aside criticisms Tuesday that he put sensitive military operations at risk by holding discussions about military strikes in a Signal group chat, claiming the app’s use was authorized by the federal government’s top civilian cyber agency. In a Senate Foreign Relations Committee hearing, Waltz — who … Read More “Waltz brushes off SignalGate questions, points finger at CISA – CyberScoop” »





