Attack & News

Latest cybersecurity news, threat reports, and attack campaigns

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

518 articles

Infosecurity Europe: How DSIT Protects Thousands of UK Orgs from Cyber Vulnerabilities

The Department of Science, Innovation and Technology details how a combination of hands-on human advice and technology systems kee…

NEWSInfosecurity Magazine3 days ago

Meta AI Bug Exposes Over 20,000 Instagram Accounts

Meta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification duri…

NEWSThe Hacker News3 days ago

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens…

NEWSThe Hacker News3 days ago

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated develop…

NEWSWired Security3 days ago

All the Ways Europe Is Ditching American Technology

A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shif…

NEWSThe Hacker News4 days ago

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration…

NEWSWired Security5 days ago

Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may…

NEWSThe Hacker News5 days ago

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, incl…

NEWScriticalThe Hacker News5 days ago

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv…

NEWScriticalThe Hacker News5 days ago

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg…

NEWSThe Register5 days ago

Oxford Uni student data pwned yet again - this time via career platform breach

Totally different attack from the break-in last month. Oh so that's OK then

NEWSThe Hacker News5 days ago

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack c…

NEWScriticalThe Hacker News5 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vul…

NEWSThe Register5 days ago

If you don't fall for these extortionists' calls, they'll show up with USB sticks

When 'Chatty Spider' morphs into tech services cosplay spider

NEWSThe Hacker News5 days ago

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions o…

NEWScriticalThe Register5 days ago

Yet another Cisco SD-WAN 0-day under attack, and no patch in sight

Good luck, sys admins

NEWSSecurity Magazine5 days ago

93% of Organizations Use or Plan to Use AI Agents for Sensitive Security Tasks

Organizations are handing AI the keys to sensitive systems before securing guardrails around those identities.

NEWScriticalSecurity Magazine5 days ago

2.6M Accounts Exposed in DentaQuest Data Breach

Threat actors released the sensitive data of 2.6 million accounts.

NEWSThe Hacker News5 days ago

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Sl…

NEWSCyberScoop5 days ago

Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away

When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post…

NEWSThe Register5 days ago

World Food Programme breach exposes data of 600k vulnerable Gazan families

Those receiving aid in the famine-threatened, war-torn territory told support will remain

NEWSThe Hacker News5 days ago

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent")…

NEWSInfosecurity Magazine6 days ago

Infosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security Playbook

Lloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross funct…

NEWSThe Hacker News6 days ago

Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to…

NEWSInfosecurity Magazine6 days ago

Infosecurity Europe: OWASP Introduces Agentic AI Security Maturity Framework

The OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as needed

NEWSThe Register6 days ago

Council in UK's City of York outs hundreds of disabled residents with a single email blunder

Blue Badge holders exposed to each other after BCC function proves too complex

NEWSInfosecurity Magazine6 days ago

Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era

Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks

NEWScriticalThe Hacker News6 days ago

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active in…

NEWSInfosecurity Magazine6 days ago

Infosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts Warn

A perfect storm of legacy devices, hyper connectivity and human fatigue is bad news for the healthcare sector, warns Cyber Salus

NEWShighThe Hacker News6 days ago

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before…