Tag: attack
-
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation since…
-
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft. First seen on hackread.com Jump to article: hackread.com/github-repositories-megalodon-supply-chain-attack/
-
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks/
-
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
-
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI First seen on thehackernews.com Jump to…
-
The Cyber Express Weekly Roundup: Supply Chain Breaches, AI Content Enforcement, And Event Disruption Attacks
The global cybersecurity landscape continues to evolve rapidly as attackers expand their focus on developer ecosystems, public-facing institutions, and anonymization infrastructure. At the same time, regulators and law enforcement agencies are stepping up enforcement efforts around AI misuse and cybercrime-enabling services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-supply-chain/
-
Suspected KimWolf botnet admin arrested over DDoShire operation
U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/kimwolf-ddos-botnet-administrator-arrested/
-
Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering-hole site delivering a Coruna-class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a delivery vehicle for advanced Safari exploits targeting iPhones running iOS 11 through 17.2. The art-template package is…
-
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoSHire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be…
-
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterprise and the Splunk Cloud Platform, as well as the Splunk AI Toolkit app. The flaws include improper access…
-
CISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in Attacks
CISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micro Apex One and poses a significant risk to enterprise environments. Micro Apex One Vulnerability…
-
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltration, and remote system control. The package was distributed through three dependent libraries, pretty-logger-utils, ts-logger-pack, and pinno-loggers, which automatically…
-
Mini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokens
npm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invalidated all npm tokens with write permissions that allowed publishing without 2FA. The move…
-
Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Authorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal groups to conceal their activities. The coordinated operation, led by French and Dutch authorities with support from Eurojust and Europol, marks a significant disruption to cybercrime infrastructure across multiple countries. Criminal VPN…
-
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
Verizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-verizon-dbir-vulnerability-exploitation-2026/
-
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements/
-
7 Best Attack Surface Management Software in 2026
Efficiently manage your attack surface in 2026 with industry-leading tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/attack-surface-management-tools/
-
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/grafana-labs-github-environment-breach-tanstack-npm-supply-chain/820866/
-
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Showboat doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks
-
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way for criminals to evade law enforcement. First seen on therecord.media Jump to article: therecord.media/europe-dismantles-first-vpn
-
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-seize-first-vpn-service-used-in-ransomware-data-theft-attacks/
-
Content Delivery Exploit Opens Websites to Brand Hijacking
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/content-delivery-exploit-websites-brand-hijacking
-
Industry Reacts to Verizon DBIR 2026 as Vulnerability Exploitation Takes Top Spot
The 2026 Verizon Data Breach Investigations Report (DBIR) has sparked widespread industry reaction, with security leaders warning that AI-enabled attacks, vulnerability exploitation, and third-party risk are reshaping the threat landscape faster than many organisations can respond. For the first time in the report’s history, vulnerability exploitation overtook stolen credentials as the leading initial access vector,…
-
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have…

