AttackFeed by Joe Wagner

The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn’t some dystopian fantasy—it’s Tuesday at the office now. We’ve entered a new … Read More “Identity Security: Your First and Last Line of Defense  – The Hacker News” »

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, … Read More “Email Bombs Exploit Lax Authentication in Zendesk  – Krebs on Security” »

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including  – Read … Read More “Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices  – The Hacker News” »

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in … Read More “Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign  – The Hacker News” »

North Korean operatives that dupe job seekers into installing malicious code on their devices have been spotted using new malware strains and techniques, resulting in the theft of credentials or cryptocurrency and ransomware deployment, according to researchers from Cisco Talos and Google Threat Intelligence Group. Cisco Talos said it observed an attack linked to Famous … Read More “North Korean operatives spotted using evasive techniques to steal data and cryptocurrency  – CyberScoop” »

A misconfigured server belonging to Indian company NetcoreCloud exposed 40 billion records and 13.4TB of data, revealing sensitive…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. “This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the … Read More “LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets  – The Hacker News” »

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. “UNC5142 is characterized by its use of compromised WordPress websites and ‘EtherHiding,’ a technique … Read More “Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites  – The Hacker News” »

A threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method. The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat … Read More “North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts  – The Hacker News” »

If you just want to read the rules, click here.  Now entering its third year, Pwn2Own Automotive returns to Automotive World in Tokyo on January 21 – 23, 2026. Over the last two years, we’ve awarded more than $2,000,000 for the latest in automotive exploitations, and this year looks to be even better. As always, … Read More “Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More!  – Zero Day Initiative – Blog” »

Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the … Read More “Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in “Zero Disco’ Attacks  – The Hacker News” »

Scaling the SOC with AI – Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go … Read More “Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform  – The Hacker News” »

The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent support number.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & … Read More “New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto” »

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results.  The benefits of pen testing are clear. By empowering “white hat” hackers to attempt to breach your system using … Read More “Beware the Hidden Costs of Pen Testing  – The Hacker News” »

Every day, billions of people place their trust in websites they know little about. Behind each one is a hosting provider, but not all of them play by the same rules.  Traditionally, privacy policies let web visitors understand how their data would be handled, and SSL (Secure Sockets Layer) certificates ensured their connection was encrypted. … Read More “Why the web-hosting industry needs a trust seal  – CyberScoop” »

The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don’t always break systems anymore — they use them. They … Read More “ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.  – Read More  … Read More “CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack  – The Hacker News” »

In my 15 years as a software engineer, I’ve seen one truth hold constant: traditional databases are brilliant…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Massachusetts man who previously pleaded guilty to a cyberattack on PowerSchool, exposing data on tens of millions of students and teachers, was sentenced to four years in prison Tuesday — half the amount federal prosecutors sought in sentencing recommendations submitted to the court. Matthew Lane, 20, stole data from PowerSchool belonging to nearly 70 … Read More “PowerSchool hacker sentenced to 4 years in prison  – CyberScoop” »

Federal cyber authorities issued an emergency directive Wednesday requiring federal agencies to identify and apply security updates to F5 devices after the cybersecurity vendor said a nation-state attacker had long-term, persistent access to its systems. The order, which mandates federal civilian executive branch agencies take action by Oct. 22, marked the second emergency directive issued … Read More “CISA warns of imminent risk posed by thousands of F5 products in federal agencies  – CyberScoop” »

October’s Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

F5 has confirmed it was the victim of a state-sponsored cyberattack that allowed hackers to access its internal…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it … Read More “Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months  – The Hacker News” »

New York, United States, 15th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a “highly sophisticated nation-state threat actor,” adding the adversary maintained long-term, persistent access to its network. The  … Read More “F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion  – The Hacker News” »

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. “A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious … Read More “Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks  – The Hacker News” »

F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it’s calling a “highly sophisticated” cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of the breach under … Read More “F5 disclosures breach tied to nation-state threat actor  – CyberScoop” »

Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

New York, USA, New York, 15th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

New York, USA, New York, 15th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong  … Read More “How Attackers Bypass Synced Passkeys  – The Hacker News” »