AttackFeed by Joe Wagner

Sean Plankey, most recently the nominee for director of the Cybersecurity and Infrastructure Security Agency, is joining defense technology company UFORCE as its U.S. chief executive officer. The London-based company created out of nine Ukrainian-based firms announced Plankey’s move Monday less than a month after he withdrew his nomination amid difficulties overcoming objections from senators … Read More “Former CISA nominee Sean Plankey named US CEO of defense startup  – CyberScoop” »

Digital assets are reshaping global finance as institutions adopt regulated crypto infrastructure, stablecoins, and tokenized assets.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the  … Read More “NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE  – The Hacker News” »

Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana … Read More “Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt  – The Hacker News” »

Businesses are advised against paying – but many are prepared to deal to protect users’ privacy After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure – which operates the education platform Canvas, used by education … Read More “Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?  – Data and computer security | The Guardian” »

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. … Read More “Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming  – The Hacker News” »

Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. .  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Welcome to the third and final day of Pwn2Own Berlin 2026! Over the past two days, some amazing research has been put on display, and today looks just as intense. So far, we have awarded $908,750 for 39 unique zero days. With SharePoint and ESXi as targets today, the chances are excellent for crossing the … Read More “Pwn2Own Berlin 2026: Day Three Results and Master of Pwn  – Zero Day Initiative – Blog” »

Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced last year to serve nine years in state prison for carrying out one of the most serious election-related data breaches in U.S. history. Peters was arrested in 2021, accused of abusing her position as … Read More “Colorado governor commutes prison sentence for election denier Tina Peters   – CyberScoop” »

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute … Read More “Here’s how the FTC plans to enforce the Take It Down Act  – CyberScoop” »

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB)  – … Read More “Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access  – The Hacker News” »

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below –  … Read More “Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence  – The Hacker News” »

Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls … Read More “Cisco zero-day under ongoing attack by persistent threat group  – CyberScoop” »

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain, … Read More “TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates  – The Hacker News” »

In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred … Read More “What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface  – The Hacker News” »

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain, … Read More “TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates  – The Hacker News” »

Three-storey GreenSquare datacentre in Hazelmere was to power cloud computing and the acceleration of AI Get our breaking news email, free app or daily news podcast A 15,000 sq metre datacentre near Perth will no longer go ahead after the developer withdrew plans amid community opposition over its impact on culturally significant sites. The three-storey, … Read More “Developer withdraws plans for Perth datacentre after fierce community opposition  – Data and computer security | The Guardian” »

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting … Read More “On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email  – The Hacker News” »

Day Two of Pwn2Own Berlin 2026 is underway and the stakes continue to rise! Security researchers are back on the Pwn2Own stage, pushing enterprise systems to their limits as the competition heats up. More exploits, more surprises, and more standout moments are unfolding follow along here for live updates as the race for Master of … Read More “Pwn2Own Berlin 2026 – Day Two Results  – Zero Day Initiative – Blog” »

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s  – Read More  … Read More “CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits  – The Hacker News” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.” Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” speaking … Read More “Pentagon cyber official calls advanced AI ‘revolutionary warfare’  – CyberScoop” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious – [email protected] [email protected] [email protected] “Early analysis indicates that [email protected], [email protected], and [email protected]  – Read More  – The Hacker … Read More “Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets  – The Hacker News” »

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly  … Read More “Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access  – The Hacker News” »