Attack & News

Latest cybersecurity news, threat reports, and attack campaigns

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

519 articles

NEWSThe Register12 days ago

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

And then Microsoft busted them all

NEWSWired Security12 days ago

The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens

The website, which compares human beings to extraterrestrials, touts arrest numbers from the Trump administration’s sweeping immig…

NEWSThe Register12 days ago

ICE to keep an eye on your eyes under $25M biometric scanner deal

And you thought a face recognition app was intrusive?

NEWScriticalThe Register12 days ago

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since

NEWScriticalThe Register12 days ago

23andMe inherits lawsuit over 'disturbing' DNA data breach

California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker

NEWSSecurity Magazine13 days ago

Risks of Robinhood Using AI Agents to Trade, Make Purchases

Robinhood is enabling AI agents to trade and make credit card purchases on behalf of users.

NEWSInfosecurity Magazine13 days ago

Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems

Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and eve…

NEWSThe Register13 days ago

Dutch cops wrest 17M devices from mystery botnet's clutches

Hosting provider pulled the plug after police traced 200 servers to the Netherlands

NEWSThe Register13 days ago

ChatGPT blindly trusts browser content, turning the page into a payload

You and me go ChatGPhish-ing in the dark

NEWSThe Register13 days ago

Russia-linked threat group put ChatGPT to work from lure to payload

Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government

NEWSThe Register13 days ago

ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak

Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there

NEWSInfosecurity Magazine13 days ago

Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over

From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec

NEWShighInfosecurity Magazine13 days ago

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as conti…

NEWShighInfosecurity Magazine13 days ago

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

NEWSThe Register13 days ago

Troops’ phones gave away location data to foreign adversaries

Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data

NEWScriticalThe Register13 days ago

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Six 0-days, three under active exploitation, more to come on July 14?

NEWSThe Register13 days ago

Snowflake buys Natoma to help freeze out rogue agents

It is the database titan’s sixth acquisition announcement since June 2025

NEWSSecurity Magazine13 days ago

As Summer Closes In, the Travel Sector Is Unprepared

In the last 12 months, 92% of agencies experienced some form of cyber threat. Yet, only 20% plan to establish an incident response…

NEWSWired Security13 days ago

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

The US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now…

NEWSThe Register13 days ago

Microsoft tests the 15-character limit of Windows Server admins' patience

May security update trips over hostnames of a very specific length

NEWSInfosecurity Magazine14 days ago

Attackers Move Past Typosquatting to Realistic Package Impersonation

Most malicious open source packages now mimic real code rather than rely on typosquatting

NEWSSecurity Magazine14 days ago

AI Agent Conducted a Cyberattack on Its Own — It Took Less Than One Hour

Security magazine speaks to a researcher about an observed cyberattack driven entirely by AI.

NEWScriticalSecurity Magazine14 days ago

6M Impacted by Carnival Cruise Data Breach

The incident was caused by a social engineering attack targeting an employee device.

NEWScriticalInfosecurity Magazine14 days ago

Microsoft Condemns "Uncoordinated" Zero Day Disclosures

Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”

NEWSInfosecurity Magazine14 days ago

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware

NEWSInfosecurity Magazine14 days ago

Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals

ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reactin…

NEWShighWired Security14 days ago

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.

NEWSInfosecurity Magazine14 days ago

GCHQ Chief Urges Action as AI Reshapes Cyber Threats

GCHQ director urges urgent business cyber action as AI and quantum reshape the threat

NEWSSecurity Magazine14 days ago

FBI Warning: IT Personnel Impersonated by Cybercriminals

Cybercriminals are targeting law firms with social engineering tactics.

NEWShighSecurity Magazine14 days ago

Windows Users Targeted in New Phishing Campaign

Windows users are the primary target of a new phishing threat.