A bipartisan pair of senators is taking another shot at legislation that would require federal government contractors to follow National Institute of Standards and Technology guidelines on vulnerability disclosure policies. The Federal Contractor Cybersecurity Vulnerability Reduction Act from Sens. Mark Warner, D-Va., and James Lankford, R-Okla., advanced out of the chamber’s Homeland Security and Governmental … Read More “Senators take another swing at vulnerability disclosure policy bill for federal contractors – CyberScoop” »
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. “The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes … Read More “Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique – The Hacker News” »
Operation Endgame takes down DanaBot malware network; 300 servers neutralized, €21.2M in crypto seized, 16 charged, 20 international warrants. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Arrest warrants issued for ringleaders after investigation by police in Europe and North America. European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International arrest warrants have been issued for … Read More “Russian-led cybercrime network dismantled in global operation – Data and computer security | The Guardian” »
Law enforcement agencies from Europe and North America have dismantled key infrastructure behind several leading malware strains used in ransomware attacks, the latest action in a yearslong effort to combat cybercriminals. The operation, conducted as part of Operation Endgame, targeted the early stages of the cybercrime chain, focusing on initial access malware. The coordinated effort … Read More “Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure – CyberScoop” »
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them … Read More “ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices – The Hacker News” »
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix; users should update immediately. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
As part of the latest “season” of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial … Read More “300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide – The Hacker News” »
Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. Find out how they do it in my article on the Tripwire State of Security blog. – Read More – Graham Cluley
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how … Read More “SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection – The Hacker News” »
A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks
Operation Raptor also resulted in the seizure of $184m and a record amount of illegal drugs, firearms and drug trafficking proceeds
Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more … Read More “U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation – The Hacker News” »
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after … Read More “Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security” »
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users … Read More “GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. “Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure,” the agency said. “This … Read More “CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs – The Hacker News” »
Coca-Cola and its bottling partner CCEP targeted in separate cyber incidents, with the Everest ransomware gang and the Gehenna hacking group claiming data breaches involving sensitive employee and CRM data. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A global collection of private defenders and law enforcement agencies notched another win against a core facilitator for cybercrime, initiating coordinated seizures and takedowns of DanaBot’s command and control servers, disrupting the malware-as-a-service’s operations, the Justice Department said Thursday. Federal officials also unsealed a grand jury indictment and criminal complaint charging 16 individuals for their … Read More “DanaBot malware operation seized in global takedown – CyberScoop” »
Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure. This provided the threat actors with unauthorized access to Commvault’s customers’ M365 environments that have application secrets stored by Commvault. … Read More “Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic) – All CISA Advisories” »
Federal Communications Commission Chair Brendan Carr told Congress the agency is looking to expand the use of call authentication protocols that help crack down on robocalling more broadly, while floating the possibility that he may ask for enhanced authorities to take bad actors to court for AI-generated deepfakes over telephone and broadcast networks. While testifying … Read More “FCC looking to expand anti-robocalling initiative – CyberScoop” »
Global crackdown: Operation RapTor leads to 270 arrests, millions seized as law enforcement targets dark web drug, weapon, and crypto vendors. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-4632 Samsung MagicINFO 9 Server Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of … Read More “CISA Adds One Known Exploited Vulnerability to Catalog – All CISA Advisories” »
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA released two Industrial Control Systems (ICS) advisories on May 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS: ICSA-25-142-01 Lantronix Device Installer; ICSA-25-142-02 Rockwell Automation FactoryTalk Historian ThingWorx. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. … Read More “CISA Releases Two Industrial Control Systems Advisories – All CISA Advisories” »
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: 95057C-FTHTWXCT11. Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED … Read More “Rockwell Automation FactoryTalk Historian ThingWorx – All CISA Advisories” »
1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Low attack complexity. Vendor: Lantronix. Equipment: Device Installer. Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS … Read More “Lantronix Device Installer – All CISA Advisories” »
Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers … Read More “Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks – The Hacker News” »
Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A bipartisan Senate duo is reintroducing legislation Thursday that would establish an executive branch panel to align conflicting cybersecurity regulations on the private sector. Michigan Sen. Gary Peters, the top Democrat on the Homeland Security and Governmental Affairs Committee, is bringing back the Streamlining Federal Cybersecurity Regulations Act with co-sponsor James Lankford, R-Okla. “By reducing … Read More “Senators revive bill to harmonize conflicting cybersecurity regulations – CyberScoop” »
Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care
The US cryptocurrency exchange claimed that the breach occurred in December 2024
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI … Read More “New Best Practices Guide for Securing AI Data Released – All CISA Advisories” »
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher … Read More “Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise – The Hacker News” »
Executive summary: This Cybersecurity Information Sheet (CSI) provides essential guidance on securing data used in artificial intelligence (AI) and machine learning (ML) systems. It also highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes and outlines potential risks arising from data integrity issues in various stages of AI development … Read More “AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems – All CISA Advisories” »
A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It’s worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues … Read More “Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host – The Hacker News” »
It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how … Read More “Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program – The Hacker News” »
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute … Read More “Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks – The Hacker News” »
The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI’. – Read More – NCSC Feed
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass
Crypto fraud meets cuddly toys! US authorities have charged a group accused of stealing $263 million in cryptocurrency – and then laundering the cash by stuffing it into Squishmallows. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core … Read More “Identity Security Has an Automation Problem—And It’s Bigger Than You Think – The Hacker News” »
West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. “Malware like LummaC2 is deployed to … Read More “FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections – The Hacker News” »
Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat
UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill
Cary, North Carolina, 22nd May 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto