Tag: attack
-
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits. First seen on cyberscoop.com Jump to article: cyberscoop.com/cybersecurity-readiness-paradox-resilience-op-ed/
-
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users. First seen on hackread.com Jump to article: hackread.com/microsoft-retired-ie-tool-mshta-fileless-malware-attack/
-
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. First seen on wired.com Jump to article: www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/
-
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, which allows threat actors to rapidly generate event-themed lure pages at scale. These pages often begin with…
-
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-warns-of-new-defender-zero-days-exploited-in-attacks/
-
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/grafana-labs-code-breach-tanstack/
-
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An active and sophisticated supply chain attack is targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how deeply embedded open-source libraries can be weaponized to infiltrate modern development pipelines at scale. The…
-
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/
-
AI red teaming agents change how LLMs get tested
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/ai-red-teaming-agents-research/
-
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Threat Labs, abuses NTFS junctions to create recursive directory structures that can cause security tools to hang indefinitely. New…
-
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction…
-
Why Smaller Healthcare Providers Remain Easy Targets
Recent Hacks Underscore Persistent and Growing Threats to Smaller Organizations. Small and mid-sized healthcare organizations – including medical specialty practices and regional clinics – continue to fall victim disproportionately to hacking incidents, including ransomware attacks and data thefts – affecting large populations of patients. Why does this keep happening? First seen on govinfosecurity.com Jump to…
-
Browser Threats Are Expanding the SMB Attack Surface
Palo Alto Networks warns that browser-based attacks, AI phishing, and malicious extensions are creating growing cybersecurity risks for SMBs. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/browser-threats-are-expanding-the-smb-attack-surface/
-
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine’s Prosecutor General said. First seen on therecord.media Jump to article: therecord.media/ukraine-probes-teen-suspect-cyber-theft-scheme
-
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
-
GitHub says internal repositories were impacted in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…
-
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS…
-
Compromised coding tool helped hackers breach thousands of GitHub repositories
The attack is the latest example of hackers’ intense focus on open-source packages. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/github-hacked-repository-data/820722/
-
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows to read and write metadata in images, PDFs, and multimedia files. Its flexibility and integration into automation…
-
AI Botnets Drive Surge in Financial Sector DDoS Attacks
Akamai Links Attack Growth to AI-Enabled Botnets and Hacktivists. Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-botnets-drive-surge-in-financial-sector-ddos-attacks-a-31730
-
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-cypherloc-scareware/
-
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Having received a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-shinyhunters-canvas-breach
-
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services. On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted…
-
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campaigns dominated by Chinese-speaking Malware-as-a-Service ecosystems, DevilNFC and NFCMultiPay are developed by independent regional…
-
Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages
A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the widely used @antv ecosystem but quickly spread to other popular libraries and developer tools. The attack…
-
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, was designed to impersonate the widely trusted github.com/shopspring/decimal library used for high-precision arithmetic in financial and analytics applications. The legitimate package is heavily adopted across the Go ecosystem, with more than 38,000 known…
-
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment, we found…
-
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/

