Tag: attack
-
Huawei zero-day attack behind last year’s crash of Luxembourg’s entire telecoms network
There is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company. First seen on therecord.media Jump to article: therecord.media/huawei-zero-day-behind-last-year-luxembourg-telecom-outage
-
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-self-service-password-reset-abused-in-azure-data-theft-attacks/
-
Only a Handful of CVEs Mattered for Supply Chain in 2025
Is the Vulnerability Exposed and Easily Exploitable?. Not all supply chain vulnerabilities are alike. Between the exploding volume of new CVEs and the number of actual mass attacks, there lies a sweet spot of just dozens of vulnerabilities to quickly patch to head off risk. No company is able to address every new vulnerability. First…
-
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
Researchers said a wave of attacks began in February targeting firewalls that appeared to be protected.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/patch-bypass-hackers-exploit-flaw-sonicwall/820600/
-
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/
-
Legacy Microsoft Utility Fuels New Wave of Malware
Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix Campaigns. Cybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows component remains a favored living-off-the-land tool for PowerShell attacks, info stealers and multi-stage malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/legacy-microsoft-utility-fuels-new-wave-malware-a-31716
-
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change, from perimeter defense to assume-breach strategies, and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop sophisticated attacks in their tracks. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/looking-back-looking-forward-bouillabaisse-cyber-evolution
-
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/shub-reaper-macos-infostealer-apple-google-microsoft/
-
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
A cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 2026 (Alert I-051526-PSA), the platform has since been restored. However, concerns remain over potential…
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, updateEmphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway.”Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. Despite using different themes and delivery methods, all campaigns follow a consistent attack chain:…
-
PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection
Tags: attack, cyber, flaw, group, injection, remote-code-execution, service, sql, update, vulnerabilityPostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The PostgreSQL Global Development Group announced the release of versions 18.4, 17.10, 16.14, 15.18, and 14.23, fixing 11 security flaws and more than 60 bugs. These vulnerabilities…
-
Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack
Cybersecurity researchers are warning that attackers have already started exploiting a newly disclosed NGINX vulnerability, tracked as CVE-2026-42945, just days after technical details and proof-of-concept code became public. The flaw, also referred to as NGINX Rift, affects millions of potentially exposed servers and has raised concerns across the security community due to its potential impact on core internet…
-
Hackers Bypass Security Tools to Target Users Directly
Bridewell report calls out emergence of “fix-style” attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-bypass-security-tools/
-
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Tags: attack, breach, cloud, cyberattack, data, identity, infrastructure, intelligence, microsoft, service, theft, threatMicrosoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can…
-
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign that uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection and maintain persistence across infected systems. The attack begins with a malicious executable that launches…
-
Compromised GitHub Action Steals Workflow Credentials
A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commit history, the attacker moved all release tags to an “imposter commit” identified as 1c9e803, which does…
-
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.”Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit…
-
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm maintainer account “atool,” which is associated with several popular JavaScript libraries.…
-
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm maintainer account “atool,” which is associated with several popular JavaScript libraries.…
-
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.”Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit…
-
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.”The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million…
-
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch
-
Grafana confirms GitHub token breach cybercrime group claims the attack
Tags: attack, breach, cybercrime, data, data-breach, extortion, github, group, leak, security-incident, theftGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
-
Device Code Phishing Targets Microsoft 365 Users
Proofpoint warns that device code phishing attacks are rapidly growing across Microsoft 365 environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/device-code-phishing-targets-microsoft-365-users/
-
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaked-shai-hulud-malware-fuels-new-npm-infostealer-campaign/
-
Cyber attackers bypass traditional defences as ‘user-driven’ attacks surge, Bridewell warns
Cyber attackers are increasingly sidestepping traditional security tools by exploiting users themselves, according to Bridewell’s newly released Cyber Threat Intelligence Report 2026. The report highlights a significant shift in attacker behaviour, with threat actors moving away from malware-heavy campaigns towards identity-driven and socially engineered attacks that operate within trusted systems, often leaving little trace for…
-
New image-based prompt injection attack targets multimodal AI models
Researchers claim strong black-box transferability: The researchers evaluated the technique against multiple open-source LVLMs, including MiniGPT4, BLIP-2, InstructBLIP, BLIVA, and Qwen2.5-VL, the paper added.According to the paper, the attack achieved an average success rate of 66.36% across tested models, outperforming prior baseline attacks by roughly 41 percentage points.The researchers also said the technique demonstrated “strong…
-
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread.Early phishing detection closes…