Tag: attack
-
Bluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session Hijacking
A newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack lifecycle from setup to data exfiltration. This shift reflects a broader trend toward automation and ease of use…
-
Ubuntu and Canonical Web Services Hit by DDoS Attack
What happened Canonical, the company behind the Ubuntu Linux distribution, experienced widespread service disruptions across its core web infrastructure on May 1, 2026, following a coordinated DDoS attack. The hacktivist group identifying itself as the Islamic Cyber Resistance in Iraq, known as the 313 Team, claimed responsibility. Canonical acknowledged the outages via its status page…The…
-
Two cybersecurity pros get prison time for helping ransomware gang
Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/cybersecurity-experts-alphv-blackcat-ransomware-sentenced/
-
Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-based hardware, the operators are quietly building a rentable DDoS-for-hire service aimed at the gaming ecosystem.…
-
CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, threat, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This active exploitation has prompted urgent patching mandates for federal agencies and strong recommendations for private organizations worldwide.…
-
DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks
The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being misused in ransomware-as-a-service (RaaS) operations. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas,…
-
Attackers Hijack SAP npm Packages to Steal Dev Secrets
A sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime a legitimate alternative to Node.js during the npm install process. This technique bypasses Node.js-based security monitoring by executing an 11.6 MB…
-
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Bluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along…
-
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
Email bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after, threat actors initiate contact via Microsoft Teams, impersonating internal IT support or helpdesk personnel. Posing…
-
Fake Party Invites and the Rise of Social Phishing Attacks
Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts look like legitimate event invites, making them especially effective. In this episode, we discuss how these scams work and what steps you can take to stay protected. Special thanks to Guardsquare for sponsoring this episode!……
-
Instructure confirms data breach, ShinyHunters claims attack
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 – Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations An alarm clock you can’t ignore: How CapFix attacks…
-
FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks
What happened The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft…The…
-
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing…The…
-
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts
What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 authorization code flow to hijack accounts without passwords and despite multi-factor authentication being enabled. The original ConsentFix was documented by Push Security in December 2025 as an…The…
-
Global Cyber Threat Brief: Identity Breaches, Supply Chain Attacks, and the Rise of Organized Cybercrime
Tags: attack, breach, cyber, cybercrime, data, exploit, identity, organized, ransomware, service, supply-chain, threatIn the past week, the global cyber threat landscape has once again demonstrated how rapidly attackers are evolving shifting from isolated intrusions to coordinated, multi-stage campaigns targeting identities, supply chains, and service providers. From large-scale identity data exposure to sophisticated token abuse and ransomware-driven disruptions, these incidents highlight a critical reality: attackers are increasingly exploiting…
-
Invisible Threats Within: Detecting Botnet Activity and Data Exfiltration Before It’s Too Late
In today’s cyber threat landscape, attacks are no longer always loud or immediate. Many of the most damaging incidents begin quietly hidden within normal network activity, disguised as legitimate traffic, and evolving over time into full-scale compromises. Modern security requires more than just detection; it requires context, behavioral intelligence, and early intervention. This article highlights…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
Windows shell spoofing vulnerability puts sensitive data at risk
A difficult balance: Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21…
-
Blue Teaming Active Directory: EVENmonitor
This article demonstrates how EVENmonitor exposes the most common Active Directory attacks the moment they occur. Each attack is paired with the specific Windows Event First seen on hackingarticles.in Jump to article: www.hackingarticles.in/blue-teaming-active-directory-evenmonitor/
-
GPO Abuse: Exploiting Vulnerable Group Policy Objects
This article walks through a complete GPO-abuse attack chain in a lab domain named ignite.local. We first simulate the misconfiguration by granting a low-privilege user First seen on hackingarticles.in Jump to article: www.hackingarticles.in/gpo-abuse-exploiting-vulnerable-group-policy-objects/
-
45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation
SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks. First seen on hackread.com Jump to article: hackread.com/45k-attacks-53k-backdoor-china-cybercrime-operation/
-
Critrical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
-
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/consentfix-v3-attacks-target-azure-with-automated-oauth-abuse/