Tag: attack
-
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
-
Why AI-Driven Arms Race Needs Better Threat Intelligence
TrendAI’s Tom Kellermann on Defending Against Agentic Attacks, APT Collaboration. AI-driven threats now operate with speed, scale and persistence. Defenders need expanded telemetry, a global research team and an advanced XDR platform to predict and suppress adversaries, said Tom Kellermann, vice president of AI security and threat intelligence at TrendAI. First seen on govinfosecurity.com…
-
Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerability
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/
-
Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
Hackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems. First seen on therecord.media Jump to article: therecord.media/hackers-venezuela-wiper-malware-oil
-
DDoS wave continues as Mastodon hit after Bluesky incident
Mastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days after a similar disruption affected Bluesky. Mastodon is a free and open-source software platform for decentralized social networking with microblogging features similar…
-
New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert
An Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim. The post New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-phishing-scam-fake-899-iphone-purchase-alert/
-
MacOS Native Tools Enable Stealthy Enterprise Attacks
macOS LOTL techniques bypass detection using native tools and metadata abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-lotl-techniques-enterprise/
-
News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category
NEW YORK, Apr. 21, 2026, CyberNewswire - BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/news-alert-breachlocks-integrated-attack-validation-platform-debuts-in-gartner-aev-category/
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-silentglass-a-plugin-stop/
-
UK government says 100 countries have spyware that can hack people’s phones
The U.K.’s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and other cyberthreats, with more governments having access to the powerful surveillance technology than ever. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/22/uk-government-says-100-countries-have-spyware-that-can-hack-peoples-phones/
-
Teams increasingly abused in helpdesk impersonation attacks
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
Acronis reveals Mustang Panda is using a new LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works. First seen on hackread.com Jump to article: hackread.com/mustang-panda-india-s-korea-lotuslite-backdoor/
-
Surge in Silent Subject Phishing Attacks Targets VIP Users
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/
-
UK cyber agency handling four major incidents a week as nation-state attacks surge
Britain’s cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers. First seen on therecord.media Jump to article: therecord.media/UK-cyberattacks-ncsc-china
-
Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported. First seen on hackread.com Jump to article: hackread.com/bluesky-online-ddos-attack-iran-313-team/
-
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/
-
NFC tappay gets tapped by hackers
AI was likely used: ESET researchers also spotted something unusual in the malware’s internals. Some traces suggested generative AI may have played a role in its development. Specifically, the injected malicious code contains emoji markers in debug logs, something more commonly associated with AI-generated output than human-written malware. The researchers noted that this isn’t definitive proof…
-
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. “Two batch scripts…
-
Lotus Wiper Hits Energy Sector in Destructive Cyberattack
Hackers have deployed a new destructive malware, dubbed Lotus Wiper, in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain were uploaded to a public malware-sharing resource in mid-December 2025 from a machine in Venezuela,…
-
Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
A critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cross-Site Scripting (XSS), Privilege Escalation, and Server-Side Request Forgery (SSRF) attacks. The vulnerability was responsibly reported by security researcher Kelvin Mbogo and officially disclosed…
-
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part of Atlassian’s April 21, 2026, Security Bulletin, the company’s monthly disclosure of patched vulnerabilities across…

