Tag: attack
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
Definition: EASM | External Attack Surface Management – Was ist External Attack Surface Management (EASM)?
Tags: attackFirst seen on security-insider.de Jump to article: www.security-insider.de/was-ist-external-attack-surface-management-easm-a-de951497ed1c6e43c160c0d0c0ec8d92/
-
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Tags: adobe, attack, cyber, exploit, hacker, intelligence, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system information, and potentially deploy remote code execution (RCE) attacks against compromised machines. According to the threat intelligence…
-
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Tags: adobe, attack, cyber, exploit, hacker, intelligence, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system information, and potentially deploy remote code execution (RCE) attacks against compromised machines. According to the threat intelligence…
-
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise IdentityEnterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and First seen on thehackernews.com Jump to article:…
-
Iran”‘linked PLC attacks cause real”‘world disruption at critical US infra sites
Tags: access, advisory, apt, attack, automation, ciso, control, cyber, group, healthcare, infrastructure, iran, switch, threatA recurring Iranian playbook: The advisory linked the current campaign to a pattern of Iranian state-affiliated targeting of US industrial control systems. The authoring agencies have previously reported similar activity by CyberAv3ngers, affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command, which compromised at least 75 Unitronics PLC devices across water, wastewater, and other…
-
LLM-generated passwords are indefensible. Your codebase may already prove it
Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
Dutch healthcare software vendor goes dark after ransomware attack
ChipSoft’s website remains down but emails are functioning First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/chipsoft_ransomware/
-
The zero-day timeline just collapsed. Here’s what security leaders do next
Tags: access, ai, api, attack, authentication, breach, cio, ciso, control, cyber, cybersecurity, data, data-breach, defense, endpoint, exploit, google, Internet, Intruder, leak, least-privilege, open-source, penetration-testing, resilience, service, strategy, tactics, update, vulnerability, zero-dayScaling vulnerability discovery to machine speed: Agentic AI is AI that can act, not just advise. Give it an objective, and it will plan steps, run them, learn from what happens and adjust until it succeeds or hits a hard stop. In cybersecurity, that looks like an automated operator. It can probe an application, test…
-
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-lua-based-malware-lucidrook/
-
Masjesu Botnet Targets Routers in Commercial DDoS Attacks
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since early 2023 and still active in 2026, Masjesu (also known as XorBot) shows how mature, stealth-focused botnets are reshaping the DDoS marketplace. Masjesu is a commercially run…
-
New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-node-js-malware-tor-steal-crypto/
-
Iran”‘Backed Threat Actors Hit US CNI Providers via Internet”‘Facing OT Assets
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranbacked-hackers-cni-ot-assets/
-
FBI Takes Down APT28 Network Behind Global DNS Hijacking Attacks
The Russian-linked threat group APT28 has continued to leverage vulnerable network devices to carry out large-scale DNS hijacking campaigns, enabling adversary-in-the-middle attacks. Recent developments show that these operations have drawn direct intervention from U.S. authorities. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apt28-dns-hijacking-fbi/
-
FBI Takes Down Russian Campaign That Compromised Thousands of Routers
Tags: attack, cyber, cyberespionage, infrastructure, intelligence, network, office, router, russia, threatIn a major counter-cyberespionage action dubbed >>Operation Masquerade,<< the U.S. Justice Department and the FBI successfully neutralized a global network of compromised small office/home office (SOHO) routers. The infrastructure was controlled by Russia's Main Intelligence Directorate (GRU) to execute sophisticated Domain Name System (DNS) hijacking attacks against high-value intelligence targets. The Threat Actor and Attack…
-
Cybercriminals move deeper into networks, hiding in edge infrastructure
Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/08/large-botnets-campaigns-attack-activity/
-
ComfyUI Servers Hijacked for Cryptomining, Proxy Botnet Ops
Hackers are aggressively hijacking Internet-exposed ComfyUI servers and converting them into high”‘value cryptomining rigs and proxy botnet nodes, abusing weakly secured AI image-generation setups for long”‘term monetization. More than 1,000 ComfyUI servers are currently reachable on the public Internet, even after filtering out honeypots, giving attackers a small but lucrative attack surface concentrated on GPU”‘rich…
-
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Tags: attack, cyber, cybersecurity, data, data-breach, finance, hacker, infrastructure, intelligence, Internet, iran, technologyIran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday.”These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial First seen on thehackernews.com Jump to article: thehackernews.com/2026/04/iran-linked-hackers-disrupt-us-critical.html
-
US warns of Iran-affiliated cyber-attacks on critical infrastructure across country
Tags: attack, breach, compliance, country, cyber, cyberattack, government, infrastructure, iran, middle-east, resilience, threat, updateSecurity agencies say municipalities should watch out for unusual activity, especially in water and energy sectors<ul><li><a href=”https://www.theguardian.com/world/live/2026/apr/07/iran-war-live-updates-trump-hormuz-threats-deadline-strikes-middle-east-conflict”>Middle East crisis live updates</li></ul>Top government security agencies issued a warning of Iran-affiliated cyber-attacks on critical infrastructure across the US on Tuesday. In a <a href=”https://www.ic3.gov/CSA/2026/260407.pdf”>joint statement, the agencies said municipalities, especially in the water and energy sectors, should…
-
Mass. Hospital Diverting Ambulances as It Deals With Attack
Signature Healthcare EHRs, Patient Portal Offline; Some Cancer Care Cancelled. A Massachusetts healthcare system is diverting ambulance patients and is operating under downtime procedures as it deals with a cyberattack. The organization has also canceled certain cancer treatments, taken its patient portal offline and is unable to fill prescriptions at its retail pharmacies. First seen…
-
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Who needs MFA when you’ve got EvilTokens? First seen on theregister.com Jump to article: www.theregister.com/2026/04/07/microsoft_device_code_phishing/
-
Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure
As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure. First seen on wired.com Jump to article: www.wired.com/story/iran-linked-hackers-are-sabotaging-us-energy-and-water-infrastructure/
-
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…