Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for his role in Yanluowang ransomware – Read More –
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023 – Read More –
Gcore Radar report reveals 150% surge in DDoS attacks year-on-year – Hackread – Cybersecurity News, Data Breaches, AI and More
Luxembourg, Luxembourg, 24th March 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below: CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread; CVE-2026-4368 (CVSS score: 7.7) – Race condition … Read More “Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks – The Hacker News” »
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware … Read More “U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage – The Hacker News” »
Cryptographic architecture has emerged as a characteristic of platform trust as SaaS platforms keep scaling across these domains, geographies… The post Building Multi-Tenant Crypto for SaaS Platforms appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper – Hackread – Cybersecurity News, Data Breaches, AI and More
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Playnance Introduces Participation-First Model for Social Gaming with New Protocol Launch – Hackread – Cybersecurity News, Data Breaches, AI and More
Playnance launches social gaming protocol powered by GCOIN, enabling user participation in ecosystem value, transparency, and shared digital growth. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
SAN FRANCISCO — The Trump administration’s two-week-old cyber strategy that aims to promote more proactive, offensive actions while bolstering federal networks and critical infrastructure is a significant shift that’s already materializing in meaningful ways, a group of experts said Monday at the RSAC 2026 Conference. Despite the federal government’s absence from the industry’s largest … Read More “Experts insist Trump administration’s cyber strategy is already paying off – CyberScoop” »
A vulnerability has been discovered in Oracle Products that could allow for remote code execution. Oracle Identity Manager is an identity management product that automates user provisioning, identity administration, and password management, integrated in a comprehensive workflow engine. Oracle Web Services Manager is a comprehensive security and policy management framework within Oracle Fusion Middleware … Read More “A Vulnerability in Oracle Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since … Read More “North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware – The Hacker News” »
A California county sheriff and Republican contender for the state’s gubernatorial race has seized 650,000 physical ballots from Riverside County, saying they were part of an investigation into election fraud tied to redistricting wars. State officials and election security experts say that the underlying allegations are spurious and local law enforcement do not have the … Read More “State officials, election experts question California sheriff’s seizure of ballots – CyberScoop” »
Iranian government-connected groups are deploying malware via the Telegram messaging app, taking aim at dissidents and other opponents of Tehran around the world, the FBI said in an alert Friday. The FBI said attackers linked to the Ministry of Intelligence and Security are behind the campaign, which stretches back to 2023. The bureau is escalating … Read More “FBI: Iranian hackers targeting opponents with Telegram malware – CyberScoop” »
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A phishing campaign tied to AI cloud-hosting service Railway has given hackers access to the Microsoft cloud accounts for hundreds of businesses, according to researchers at Huntress. Rich Mozeleski, product manager for Huntress’ identity team, told CyberScoop the campaign is currently tied to a smaller actor and approximately a dozen IP addresses, but has managed … Read More “An AI-powered phishing campaign has compromised hundreds of organizations – CyberScoop” »
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA – Read More –
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult – Read More –
Voice-based phishing, a form of social engineering where attackers call employees or IT help desks under false pretenses in an attempt to gain access to victim networks, surged in 2025, Mandiant said Monday in its annual M-Trends report. These points of intrusion, which have been a hallmark of attacks attributed to members of the cybercrime … Read More “The phone call is the new phishing email – CyberScoop” »
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this … Read More “‘CanisterWorm’ Springs Wiper Attack Targeting Iran – Krebs on Security” »
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans – Read More –
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024 – Read More –
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More – The Hacker News
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real … Read More “⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More – The Hacker News” »
We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them – The Hacker News
AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger … Read More “We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them – The Hacker News” »
Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network – Hackread – Cybersecurity News, Data Breaches, AI and More
Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Why Your Weather-Powered Design Tool Needs More Than Just an API Key – Hackread – Cybersecurity News, Data Breaches, AI and More
Weather-powered design tools need more than an API key. Learn how authentication, access control, and server-side calls keep… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive … Read More “Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware – The Hacker News” »
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns – Read More –
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags … Read More “Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper – The Hacker News” »
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites – Read More –
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems – The Hacker News
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. … Read More “Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems – The Hacker News” »
Politics live: new standards for datacentres being built in Australia; report warns of drone threat – Data and computer security | The Guardian
Labor under pressure over fuel crisis as federal parliament returns. Follow updates live. Should Australians work from home to save fuel? James Glenday then asks Tim Ayres whether he thinks Australians should consider working from home to conserve fuel. Countries like Sri Lanka have … Read More “Politics live: new standards for datacentres being built in Australia; report warns of drone threat – Data and computer security | The Guardian” »
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. “The campaign … Read More “FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks – The Hacker News” »
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager – The Hacker News
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. “This vulnerability is remotely exploitable without authentication,” Oracle said in an … Read More “Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager – The Hacker News” »
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below – CVE-2025-31277 (CVSS score: 8.8) – A … Read More “CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 – The Hacker News” »
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages – The Hacker News
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP … Read More “Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages – The Hacker News” »
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach – Hackread – Cybersecurity News, Data Breaches, AI and More
LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday. The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies … Read More “FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps – CyberScoop” »
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets – The Hacker News
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow – … Read More “Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets – The Hacker News” »
Three American men were sentenced Friday for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said. The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities … Read More “Trio sentenced for facilitating North Korean IT worker scheme from their homes – CyberScoop” »
Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files. The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released … Read More “Ubiquiti defect poses account takeover risk for UniFi Networking Application users – CyberScoop” »
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure – The Hacker News
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. “The … Read More “Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure – The Hacker News” »
Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive … Read More “Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks – The Hacker News” »
Why Image Format Conversion Is Becoming a Practical Issue in Web Security and Performance – Hackread – Cybersecurity News, Data Breaches, AI and More
WebP boosts performance but raises compatibility issues, making image format conversion to PNG essential for secure, flexible, and efficient web workflows today. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Authorities seized infrastructure powering four botnets that hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively, the Justice Department said Thursday. The botnets — Aisuru, Kimwolf, JackSkid and Mossad — enabled operators to sell access to the infected devices for various cybercrimes. The aftermath spanned thousands of attacks, including some … Read More “Justice Department disrupts botnet networks that hijacked 3 million devices – CyberScoop” »
New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence … Read More “Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover – The Hacker News” »




