How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals. – Read More – NCSC Feed
Advice and recommendations for mitigating this type of insider behaviour. – Read More – NCSC Feed
A brief guide to MIKEY-SAKKE, a protocol that allows organisations to provide secure communications with end-to-end encryption. – Read More – NCSC Feed
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. “Typically delivered through phishing emails … Read More “New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection – The Hacker News” »
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo … Read More “Edge device vulnerabilities fueled attack sprees in 2024 – CyberScoop” »
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges – Read More … Read More “The Ultimate MSP Guide to Structuring and Selling vCISO Services – The Hacker News” »
Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack – Read More –
Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we … Read More “Java security: If you ain’t cheatin,’ you ain’t tryin’ – CyberScoop” »
Google has warned that Russian state-backed hackers are targeting Signal to eavesdrop on persons of interest in Ukraine – Read More –
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of … Read More “Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack – The Hacker News” »
Hudson Rock has found evidence that infostealers have compromised hundreds of US military and defense contractor credentials – Read More –
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below – CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto … Read More “CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List – The Hacker News” »
A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: … Read More “CISA Adds Two Known Exploited Vulnerabilities to Catalog – All CISA Advisories” »
Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new … Read More “How Phished Data Turns into Apple & Google Wallets – Krebs on Security” »
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465 – The OpenSSH client – Read More … Read More “New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now – The Hacker News” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack … Read More “Siemens SCALANCE W700 – All CISA Advisories” »
CISA released two Industrial Control Systems (ICS) advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-191-01 Delta Electronics CNCSoft-G2 (Update A) ICSA-25-035-02 Rockwell Automation GuardLogix 5380 and 5580 (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details … Read More “CISA Releases Two Industrial Control Systems Advisories – All CISA Advisories” »
The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Significant OpenSSH flaws are exposing systems to man-in-the-middle and denial-of-service attacks – Read More –
Microsoft warns Apple developers about a new XCSSET malware variant targeting macOS, posing security risks through stealthy infections… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor’s malicious payload into an external process, waitfor.exe, – Read … Read More “Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks – The Hacker News” »
Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications – Read More –
London, United Kingdom, 18th February 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users – Read More –
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is … Read More “New FrigidStealer Malware Targets macOS Users via Fake Browser Updates – The Hacker News” »
The BlackLock or Eldorado ransomware gang could be the year’s fastest-growing ransomware-as-a-service group – Read More –
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3. “An Authentication … Read More “Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication – The Hacker News” »
Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727 – Read More –
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to … Read More “Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign – The Hacker News” »
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while … Read More “Debunking the AI Hype: Inside Real Hacker Tactics – The Hacker News” »
A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts – Read More –
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials through pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. “This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP – Read … Read More “New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials – The Hacker News” »
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that’s capable of stealing sensitive payment information from online shopping … Read More “Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers – The Hacker News” »
Posted by Gynvael Coldwind on Feb 17 Hi, This isn’t really a problem a vendor can solve in firmware (apart from offering configuration via cloud, which has its own issues). Even if they would enable TLS/SSL by default, it would just give one a false sense of security, since: – the certificates would be … Read More “Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default – Full Disclosure” »
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
People around the world learned about the latest advancements in the American space industry! This was made possible… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Pro-Russia hackers NoName057(16) have targeted Italian banks, airports and ports in a series of DDoS attacks – Read More –
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. “Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared … Read More “Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics – The Hacker News” »
Microsoft has observed a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects – Read More –
South Korea’s Personal Information Protection Commission is blocking DeepSeek AI downloads over privacy concerns – Read More –
The new Golang backdoor uses Telegram for command and control. Netskope discovers malware that exploits Telegram’s API for… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Two Estonian nationals plead guilty to a $577M cryptocurrency Ponzi scheme through HashFlare, defrauding hundreds of thousands globally.… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
SOC challenges like alert fatigue, skill shortages and slow response impact cybersecurity. AI-driven solutions enhance SOC efficiency, automation… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. … Read More “South Korea Suspends DeepSeek AI Downloads Over Privacy Violations – The Hacker News” »
Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the … Read More “CISO’s Expert Guide To CTEM And Why It Matters – The Hacker News” »
A Golang backdoor is using Telegram as its command and control (C2) channel, an approach that makes detection harder for defenders, according to Netskope researchers – Read More –