Collecting Cyber-News from over 60 sources

Tag: hacker

Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack

May 25, 2026 9:00 AM

Tags: attack, credentials, crypto, cyber, hacker, open-source, pypi, software, supply-chain

Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
Hackers Use CypherLoc Kit to Push Fake Microsoft Support Scams

May 25, 2026 8:01 AM

Tags: cyber, endpoint, hacker, microsoft, phishing, scam

CypherLoc is a sophisticated browser-lock scareware designed to drive victims to fraudulent tech support calls. It evades scanners and sandboxes by executing in an encrypted, condition-based manner inside the browser. Security teams should have robust anti-phishing, browser, and endpoint protections and prioritize user education. Since the start of 2026, Barracuda researchers have observed around 2.8 million…
CVSS-Scores 9.6 und 9.1 – Hacker können Remote Code in GlassFish-Projekte einschleusen

May 25, 2026 8:01 AM

Tags: cvss, hacker

First seen on security-insider.de Jump to article: www.security-insider.de/glassfish-kritische-rce-schwachstellen-bis-8-0-0-a-b5019d144abcba46bb9f2dccb16ec446/
Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches

May 25, 2026 5:00 AM

Tags: breach, data, hacker

A hacker is selling a 340M OnlyFans user database allegedly built by matching old breach data and public profiles to real OnlyFans accounts. First seen on hackread.com Jump to article: hackread.com/hacker-selling-onlyfans-user-records-old-breaches/
Angriff auf GitHub über kompromittiertes Gerät: Hacker stehlen 3.800 interne Repositories

May 23, 2026 6:00 PM

Tags: cyberattack, github, hacker

First seen on t3n.de Jump to article: t3n.de/news/github-hacker-stehlen-repositories-1743454/
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

May 23, 2026 2:00 PM

Tags: authentication, botnet, cybersecurity, exploit, hacker, router, vulnerability

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

May 23, 2026 2:00 PM

Tags: authentication, botnet, cybersecurity, exploit, hacker, router, vulnerability

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks

May 23, 2026 1:00 PM

Tags: access, attack, cyber, exploit, hacker, intelligence, linux, microsoft, network, threat, unauthorized

Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated multi-stage intrusion campaigns that ultimately target Active Directory infrastructure. Microsoft Threat Intelligence disclosed the full attack chain on May 22, 2026, documenting how a single compromised edge appliance cascaded into…
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks

May 23, 2026 1:00 PM

Tags: access, attack, cyber, exploit, hacker, intelligence, linux, microsoft, network, threat, unauthorized

Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated multi-stage intrusion campaigns that ultimately target Active Directory infrastructure. Microsoft Threat Intelligence disclosed the full attack chain on May 22, 2026, documenting how a single compromised edge appliance cascaded into…
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers

May 23, 2026 11:00 AM

Tags: ai, cyber, google, hacker, infection, powershell, supply-chain, threat

Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers

May 23, 2026 11:00 AM

Tags: ai, cyber, google, hacker, infection, powershell, supply-chain, threat

Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos

May 23, 2026 10:00 AM

Tags: attack, backdoor, cyber, github, hacker, open-source, remote-code-execution, supply-chain

A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization repositories. The attack, detected on May 22, 2026, and reported by both Aikido Security and the Socket Research Team, introduces a fully functional remote code execution (RCE) backdoor that executes automatically via Composer’s…
FBI Director’s Former Apparel Brand Hit by Malware

May 23, 2026 5:00 AM

Tags: cyber, email, government, hacker, incident, iran, macOS, malicious, malware

Malware Targeted macOS Users Visiting Patel Foundation Merchandise Page. Two months after Iran-linked hackers exfiltrated FBI Director Kash Patel’s personal email, the government official’s name is tangled up in another cyber incident, this time through a MAGA swag shop he co-founded. ClickFix malware on the site tried to trick shoppers into running a malicious command.…
Iranian Hackers Using Fake Job Sites to Breach Defense Firms

May 23, 2026 1:00 AM

Tags: breach, communications, defense, government, hacker, iran, jobs, malware, network

Unit 42 Says Iranian Operators Target Aerospace and Government Staff. Palo Alto Networks’ Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-using-fake-job-sites-to-breach-defense-firms-a-31762
Kash Patel’s clothing brand website shut down after reports it was hacked

May 22, 2026 7:02 PM

Tags: hacker

According to users on X, the website was hijacked by hackers in an attempt to trick visitors into installing malware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/22/kash-patels-clothing-brand-website-shut-down-after-reports-it-was-hacked/
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages

May 22, 2026 6:00 PM

Tags: defense, hacker, iran, network, phishing, spear-phishing

Companies, particularly those in the affected industries, should harden their defenses against impersonation schemes, Palo Alto Networks said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-cyberattacks-espionage-us-israel-uae/820990/
Drupal: Critical SQL injection flaw now targeted in attacks

May 22, 2026 4:00 PM

Tags: attack, exploit, flaw, hacker, injection, sql, vulnerability

Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
Hackers Exploit Middle East Telecoms for Massive C2 Operations

May 22, 2026 4:00 PM

Tags: control, cyber, exploit, hacker, infrastructure, middle-east, network

Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing defenders to identify persistent patterns behind cyber operations rather than reacting to constantly changing indicators of compromise. The dataset reveals that C2 infrastructure dominates…
Belarus-linked hackers use fake training certificates to target Ukrainian officials

May 22, 2026 3:00 PM

Tags: email, espionage, government, group, hacker, hacking, training, ukraine

A Belarus-linked hacking group known as GhostWriter has launched a new espionage campaign against Ukrainian government officials using fake emails disguised as messages from a popular online learning platform to deliver malware. First seen on therecord.media Jump to article: therecord.media/oysterfresh-belarus-linked-campaign-targets-ukraine
Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access

May 22, 2026 3:00 PM

Tags: access, cyber, defense, exploit, government, group, hacker, infrastructure, network, russia, social-engineering, supply-chain, threat, vpn

Russian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and sophisticated social engineering to gain initial access to targeted networks across government, critical infrastructure, and commercial sectors. This multi-vector approach allows them to bypass perimeter defenses, blend in with legitimate traffic, and maintain long-term…
Angriff auf das Gesundheitswesen – Hacker erbeuten Zehntausende Daten deutscher Patienten

May 22, 2026 3:00 PM

Tags: cyberattack, hacker

First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-unimed-patientendaten-unikliniken-a-994478f4f1fb9660429dd4d07a421140/
Hackers steal patient and billing data from German hospitals via third-party provider

May 22, 2026 2:00 PM

Tags: breach, data, data-breach, hacker, healthcare, service

The large-scale data breach reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals. First seen on therecord.media Jump to article: therecord.media/hackers-steal-patient-billing-data-german-hospitals
Popular npm Package “art-template” Backdoored in Watering-Hole Attack

May 22, 2026 2:00 PM

Tags: attack, backdoor, cyber, exploit, hacker, iphone, malicious

Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering”‘hole site delivering a Coruna”‘class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a delivery vehicle for advanced Safari exploits targeting iPhones running iOS 11 through 17.2. The art-template package is…
Hackers Use Six-Layer Persistence on FreePBX Systems

May 22, 2026 1:00 PM

Tags: cyber, exploit, finance, hacker, infrastructure, threat, voip

Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation deploys a multi-stage Bash dropper that installs a previously undocumented PHP webshell family named JOMANGY, alongside the…
Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT

May 22, 2026 1:00 PM

Tags: banking, cyber, finance, hacker, rat, threat

Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused on Brazilian financial institutions. The investigation is notable because analysts obtained visibility into both attacker…
Versteck für Hacker: Behörden zerschlagen VPN-Dienst und identifizieren Nutzer

May 22, 2026 1:00 PM

Tags: hacker, vpn

First VPN ist bei Cyberkriminellen wohl ziemlich beliebt gewesen. Doch das ist jetzt vorbei: Strafverfolger gelangten an Server und Nutzerdaten. First seen on golem.de Jump to article: www.golem.de/news/nutzer-identifiziert-behoerden-zerschlagen-fuer-cybercrime-genutzten-vpn-dienst-2605-208960.html
A hacker group is poisoning open source code at an unprecedented scale

May 22, 2026 1:00 PM

Tags: github, group, hacker, open-source, software, supply-chain

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/a-hacker-group-is-poisoning-open-source-code-at-an-unprecedented-scale/
Datenleck bei Hackerbande The Gentlemen

May 22, 2026 11:00 AM

Tags: ai, data-breach, hacker, ransomware

Ein Datenleck bei der Ransomware-Gruppe The Gentlemen offenbart deren Strukturen. Die Hacker nutzten KI-Modelle wie DeepSeek für ihre Infrastruktur. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hackerbande-the-gentlemen-datenleck
Hackers Hide Malware in Nested macOS-Style Folders to Evade Scans

May 22, 2026 10:00 AM

Tags: cyber, detection, email, hacker, macOS, malware, phishing, social-engineering, spear-phishing

Hackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures can be abused to evade detection while deploying advanced malware. The phishing email carries a ZIP attachment named “å¸¸å·žå¤§å¦2026å¹´ã€Šå›½å®¶å¦ç, Ÿä½“è´¨å¥åº·æ ‡å‡†ã€‹æµ‹è¯•é€šçŸ¥æœ€ç»ˆç‰ˆ.zip,” posing as an official university notice. The social engineering is unusually precise: failure in this fitness…
Cyberangriff: Hacker erbeuten Daten von Patienten mehrerer Unikliniken

May 22, 2026 10:00 AM

Tags: cyberattack, germany, hacker

Ein Dienstleister von Unikliniken aus ganz Deutschland ist Ziel eines Cyberangriffs geworden. Daten Zehntausender Patienten sind abgeflossen. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-hacker-erbeuten-daten-von-patienten-mehrerer-unikliniken-2605-208955.html