Tag: attack
-
IronWorm npm Attack Steals Developer Secrets
Tags: attack, credentials, crypto, cyber, data-breach, finance, malicious, software, supply-chain, worm
A newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a particular focus on crypto and Web3 ecosystems, where exposed secrets can yield immediate financial value.…
-
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack
A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global stock exchange, highlighting the strategic value of executive-level email access in modern cyber operations. The activity, which persisted for approximately five months between October 2025 and March 2026, demonstrates a disciplined…
-
Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosecurity-europe-cybersecurity/
-
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages
Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from infected systems. While traditional credential-harvesting pages remain in use, threat actors are now prioritizing methods that reduce user interaction and increase data collection efficiency. Infostealers are purpose-built malware families that extract…
-
Kali365 PhaaS Expands to Okta, MAX Messenger Attacks
Tags: attack, cyber, infrastructure, intelligence, microsoft, monitoring, okta, phishing, russia, service, theft, threat
The Kali365 phishing-as-a-service (PhaaS) platform has significantly expanded its operational scope, moving beyond Microsoft 365 token theft to target Okta single sign-on (SSO) environments and Russia’s rapidly growing MAX Messenger platform. New threat intelligence reveals a more mature, multi-brand phishing ecosystem with centralized infrastructure, real-time token monitoring, and geographically targeted campaigns. Previously documented for abusing…
-
New HTTP/2 Bomb attack can take down web servers in seconds
Tags: attack
First seen on scworld.com Jump to article: www.scworld.com/brief/new-http-2-bomb-attack-can-take-down-web-servers-in-seconds
-
MazeBolt launches AI module to simulate novel DDoS attack vectors
First seen on scworld.com Jump to article: www.scworld.com/brief/mazebolt-launches-ai-module-to-simulate-novel-ddos-attack-vectors
-
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute/
-
Instagram is alerting users who were targeted by hackers during AI chatbot attacks
Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/03/instagram-is-alerting-users-who-were-targeted-by-hackers-during-ai-chatbot-attacks/
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/
-
Subpostmaster federation hit by ransomware attack
National Federation of Subpostmasters suffered a ransomware attack in April after hackers exploited a bug in the web hosting software it uses. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643958/Subpostmaster-federation-hit-by-ransomware-attack
-
What 345 Days of Untested Exposure Looks Like at a Bank
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-345-days-of-untested-exposure-looks-like-at-a-bank/
-
WordPress Plugin Flaw Opens Door to Privilege Escalation Attacks Across 500,000+ Sites
A critical security flaw in the Kirki Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions introduced in the 6.0 release. Tracked as CVE-2026-8206 and rated 9.8 (Critical), the bug affects Kirki versions 6.0.0 through […]…
-
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said. GitHub supports…
-
Critical Apache ActiveMQ Vulnerability Exposes Systems to Security Header Injection Attacks
Apache ActiveMQ users are being urged to apply immediate patches following the disclosure of a critical vulnerability, CVE-2026-42253, that enables HTTP response header injection via improperly handled JMS message properties. The flaw affects both Apache ActiveMQ and ActiveMQ Web components. It has been rated with “important” severity by the Apache Software Foundation.
CVE-2026-42253: HTTP Response…
-
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
Tags: attack, cloud, communications, control, cyber, espionage, government, network, service, threat
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to…
-
HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora.
Overview of the HTTP/2 Bomb Attack
Security researcher Quang Luong, working with the Codex team, uncovered a novel exploitation technique that…
-
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js attachment masquerading as a purchase order, quotation, or business proposal, and it encourages staff in…
-
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820 First…
-
Why supply chain attacks work and what detection can actually do about it
First seen on scworld.com Jump to article: www.scworld.com/perspective/why-supply-chain-attacks-work-and-what-detection-can-actually-do-about-it
-
Dashlane accounts suspended amid brute-force attack
Tags: attack
First seen on scworld.com Jump to article: www.scworld.com/brief/dashlane-accounts-suspended-amid-brute-force-attack
-
Crypto whales and executives face rising physical attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/crypto-whales-and-executives-face-rising-physical-attacks
-
Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk
Claude Code GitHub Actions flaws could enable repository compromise, credential theft, and supply chain attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-code-github-actions-flaw-created-supply-chain-attack-risk/
-
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/drivesurge-hijacks-thousands-sites-clickfix-fakeupdate-attacks
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
Dozens of Red Hat npm packages targeted in supply chain attack
Researchers said a variant of the Mini Shai-Hulud is involved in the compromise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/dozens-red-hat-npm-packages-supply-chain-attack/821723/
-
OT attacks shift from recon to physical control, raising stakes
Malicious hackers are no longer just snooping around OT systems, researchers warn. They’re preparing to cause real-world damage. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366643451/OT-attacks-shift-from-recon-to-physical-control-raising-stakes

