Attack & News

Latest cybersecurity news, threat reports, and attack campaigns

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

517 articles

NEWScriticalInfosecurity Magazine1 day ago

Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request

Critical phpBB authentication bypass lets attackers hijack any account with one request

NEWSSecurityWeek1 day ago

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiti…

NEWSThe Register1 day ago

Signal says UK plan to scan devices for nude images 'endangers us all'

Encrypted messaging app warns device-level checks could be repurposed for censorship

NEWShighThe Hacker News1 day ago

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, a…

NEWScriticalSecurityWeek1 day ago

SAP Patches Critical NetWeaver, Commerce Vulnerabilities

The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The pos…

NEWScriticalThe Register1 day ago

Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year

Google paid researcher a tidy $55K bounty for its discovery

NEWSThe Hacker News1 day ago

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open…

NEWScriticalThe Hacker News1 day ago

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the w…

NEWSSecurityWeek1 day ago

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in N…

NEWSThe Hacker News1 day ago

The Hidden Security Risk in Modern Networks: The Work Between Tools

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increas…

NEWSThe Register1 day ago

France probes compromise of gov messaging platform after account hijack

Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data

NEWScriticalHackread1 day ago

Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags

Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverifi…

NEWSSecurityWeek1 day ago

Will AI Kill the Bug Bounty Industry?

Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive securit…

NEWSBleeping Computer1 day ago

French govt messaging service breached in account hijacking attack

DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap,…

NEWShighHackread1 day ago

Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel

An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,…

NEWShighInfosecurity Magazine1 day ago

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

NEWSThe Hacker News1 day ago

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of you…

NEWScriticalSecurityWeek1 day ago

Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks

The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Poi…

NEWScriticalInfosecurity Magazine1 day ago

Check Point Warns Critical Auth Bypass Bug Exploited in the Wild

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

NEWSThe Register1 day ago

Qilin NHS breach tally grows as Essex trust confirms stolen records

Two years on from ransomware attack, hospitals are still trying to identify and warn patients

NEWSThe Hacker News1 day ago

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts ac…

NEWSInfosecurity Magazine1 day ago

Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack

Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to…

NEWScriticalBleeping Computer1 day ago

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a cr…

NEWShighInfosecurity Magazine1 day ago

WhatsApp Discovers NSO Group-Linked Spearphishing Attempts

Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing

NEWScriticalBleeping Computer1 day ago

Google patches new Chrome zero-day flaw exploited in the wild

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fift…

NEWShighThe Hacker News1 day ago

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to…

NEWSHackread2 days ago

WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO

WhatsApp says it blocked Israeli firm NSO’s Pegasus spyware activity and is asking a US court to treat the targeting as an injunct…

NEWSThe Register2 days ago

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

When an unsolicited job offer sounds too good to be true …

NEWShighBleeping Computer2 days ago

NFCShare Android malware spreads via fake banking app updates on GitHub

New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. […

NEWScriticalBleeping Computer2 days ago

SoFi confirms third-party data breach at Hong Kong subsidiary

SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor contain…