Tag: attack
-
Zero-Click Agentic AI Attack Bypasses Human Oversight
With the Taxonomy of Failure Modes in Agentic AI Systems v2.0 published in April 2026, the field received more than a classification update: it got operational guidance grounded in a year of real-world red teaming that exposed how quickly agentic AI systems transform classical threat surfaces into new, high-impact attack vectors. The headline finding from those engagements…
-
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/
-
Malicious Python Package Mimics Parsimonious Parser
A sophisticated typosquatting attack targets Python developers through a malicious package named "parsimonius" on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library, a well-known tool for building recursive descent parsers in Python, by altering just a single character in the package name. The attack exemplifies a…
-
Dashlane Reveals How Hackers Downloaded Encrypted Password Vaults
Dashlane has disclosed the findings of a recent security investigation, confirming that a limited number of users were impacted by a targeted brute-force attack against its device registration system. The company emphasized that its internal infrastructure was not breached and that no evidence suggests a broader compromise beyond a small subset of accounts. Device Registration…
-
New GitHub Zero-Day Exposed Developer Tokens to Attackers
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases. The post New GitHub Zero-Day Exposed Developer Tokens to Attackers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-dev-vscode-webview-oauth-token-vulnerability/
-
Breach Roundup: Microsoft Tries to Mend Researcher Bridges
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested. This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges are under attack in the United States, fake FIFA websites are everywhere. Russia cried cyberespionage, Spanish police arrested a teenaged doxer, an Oracle WebLogic flaw was actively exploited.…
-
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/
-
China’s TA4922 Expands Cybercrime Attacks Globally
One of the world’s most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-ta4922-cybercrime-attacks-globally
-
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens…
-
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as…
-
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/
-
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto…
-
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges
Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side…
-
Supply Chain Attack Hits Dozens of npm Packages via binding.gyp
A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. The attack began at approximately 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official Vapi.ai voice AI SDK with over 408,000 monthly…
-
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Tags: attack, backdoor, cybercrime, cybersecurity, google, group, macOS, malicious, malware, network
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two…
-
IronWorm npm Attack Steals Developer Secrets
Tags: attack, credentials, crypto, cyber, data-breach, finance, malicious, software, supply-chain, worm
A newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a particular focus on crypto and Web3 ecosystems, where exposed secrets can yield immediate financial value.…
-
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack
A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global stock exchange, highlighting the strategic value of executive-level email access in modern cyber operations. The activity, which persisted for approximately five months between October 2025 and March 2026, demonstrates a disciplined…
-
Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosecurity-europe-cybersecurity/
-
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages
Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from infected systems. While traditional credential-harvesting pages remain in use, threat actors are now prioritizing methods that reduce user interaction and increase data collection efficiency. Infostealers are purpose-built malware families that extract…
-
Kali365 PhaaS Expands to Okta, MAX Messenger Attacks
Tags: attack, cyber, infrastructure, intelligence, microsoft, monitoring, okta, phishing, russia, service, theft, threat
The Kali365 phishing-as-a-service (PhaaS) platform has significantly expanded its operational scope, moving beyond Microsoft 365 token theft to target Okta single sign-on (SSO) environments and Russia’s rapidly growing MAX Messenger platform. New threat intelligence reveals a more mature, multi-brand phishing ecosystem with centralized infrastructure, real-time token monitoring, and geographically targeted campaigns. Previously documented for abusing…
-
New HTTP/2 Bomb attack can take down web servers in seconds
Tags: attack
First seen on scworld.com Jump to article: www.scworld.com/brief/new-http-2-bomb-attack-can-take-down-web-servers-in-seconds
-
MazeBolt launches AI module to simulate novel DDoS attack vectors
First seen on scworld.com Jump to article: www.scworld.com/brief/mazebolt-launches-ai-module-to-simulate-novel-ddos-attack-vectors
-
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute/
-
Instagram is alerting users who were targeted by hackers during AI chatbot attacks
Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/03/instagram-is-alerting-users-who-were-targeted-by-hackers-during-ai-chatbot-attacks/
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/
-
Subpostmaster federation hit by ransomware attack
National Federation of Subpostmasters suffered a ransomware attack in April after hackers exploited a bug in the web hosting software it uses. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643958/Subpostmaster-federation-hit-by-ransomware-attack
-
What 345 Days of Untested Exposure Looks Like at a Bank
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-345-days-of-untested-exposure-looks-like-at-a-bank/

