Category: Cyber Attack News

Authorities Seized 800 Servers of Hosting Company Used to Launch Cyberattacks Dutch authorities have seized more than 800 servers and arrested two individuals as part of a major investigation into a hosting infrastructure allegedly used to support cyberattacks, disinformation campaigns, and sanctions evasion linked to Russia. The Fiscal Information and Investigation Service (FIOD) confirmed that…

Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According to Microsoft’s Defender Security Research, the attack reflects a growing…

GitHub Hacked – Internal Source Code Repositories Compromised via Employee Device GitHub has confirmed unauthorized access to its internal repositories after detecting a compromised employee device infected through a malicious Visual Studio Code extension, the company disclosed in a series of official statements on May 20, 2026. The Microsoft-owned code hosting platform said it identified…

Hackers Breach Government and Military Servers by Exploiting cPanel Vulnerability A sophisticated adversarial campaign targeting South-East Asian government and military infrastructure, combining rapid exploitation of a critical cPanel authentication bypass with a custom zero-day exploit chain against an Indonesian defense-sector portal and ultimately pivoting to exfiltrate over 4GB of sensitive Chinese railway documents. The campaign’s…

Hackers Abuse SS7 and Diameter Protocols to Track Mobile Users Worldwide A major investigation has revealed that sophisticated threat actors are exploiting fundamental vulnerabilities in global mobile networks to track users worldwide. By abusing legacy 3G SS7 and 4G Diameter signaling protocols, hackers are successfully bypassing telecom firewalls to conduct silent, cross-border espionage. The extensive…

Hackers Leverage Microsoft Teams to Breach Organizations Posing as IT Helpdesk Staff A newly identified threat group, UNC6692, has been caught running a sophisticated multistage intrusion campaign that uses Microsoft Teams impersonation, a custom modular malware suite, and cloud infrastructure abuse to deeply penetrate enterprise networks, all without exploiting a single software vulnerability. Google Threat…

Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code A significant supply chain attack targeting the official checkmarx/kics Docker Hub repository, where threat actors pushed trojanized images capable of harvesting and exfiltrating sensitive developer credentials and infrastructure secrets. Docker’s internal monitoring flagged suspicious activity around KICS image tags on April 22, 2026, and promptly…

Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns According to a recent April 2026 report by security researcher Himaja Motheram at Censys, just under 6 million internet-facing hosts are still running the File Transfer Protocol (FTP). While this marks a significant 40% decline from the 10.1 million servers observed in 2024,…

Rockstar’s GTA Game Hacked – Attackers published 78.6 Million Records Online Rockstar Games has confirmed a data breach after the notorious hacking group ShinyHunters exploited a third-party integration to access the company’s internal Snowflake data warehouse, ultimately leaking over 78.6 million records on April 14, 2026. The breach did not stem from a direct attack…

FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users The U.S. Justice Department and the FBI have successfully dismantled a massive cyberespionage network in a court-authorized takedown dubbed “Operation Masquerade.” Announced on April 7, 2026, the technical operation neutralized thousands of compromised small office/home office (SOHO) routers that were hijacked by Russian military intelligence…

Hackers Using Fake “Microsoft Teams” Domains to Attack Users Via Malicious Payload Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform. As Microsoft Teams remains…

Hackers Probe Citrix NetScaler Instances Ahead of Likely CVE-2026-3055 Exploitation Cybersecurity researchers are sounding the alarm over imminent in-the-wild exploitation of a recently disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firm watchTowr and Defused Cyber have detected active reconnaissance campaigns specifically targeting CVE-2026-3055, a high-severity memory overread flaw that could…

FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online. The hacker group Handala Hack Team announced the breach on their website, declaring that Patel “will now find his name among the list…

Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat…

New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that…

Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive data theft operation exploiting overly permissive guest user configurations, reportedly impacting hundreds of high-profile organizations. According to Salesforce’s…

Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices A new artificial intelligence (AI) offensive security tool called CyberStrikeAI, which is being actively leveraged by threat actors to target edge devices, particularly Fortinet FortiGate appliances. This open-source platform, developed by a China-based individual with potential ties to state-sponsored operations, represents a significant escalation in the…

BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack caused a widespread outage, disrupting card processing for merchants nationwide. The outage began early on February 6, 2026, around 3:29 a.m. EST with degraded performance in systems like the Gateway.Itstgate.com virtual terminal, reporting,…

Threat Actors Hacking NGINX Servers to Redirect Web Traffic to Malicious Servers A sophisticated campaign in which threat actors are stealthily compromising NGINX servers to redirect web traffic to malicious destinations. The attackers, previously linked to “React2Shell” exploits, are now targeting NGINX configurations, specifically those using the Baota (BT) management panel, widely used in Asia.…

OpenClaw AI Agent Skills Abused by Threat Actors to Deliver Malware Hundreds of malicious skills designed to deliver trojans, infostealers, and backdoors disguised as legitimate automation tools. VirusTotal has uncovered a significant malware distribution campaign targeting OpenClaw, a rapidly growing personal AI agent ecosystem. OpenClaw, previously known as Clawdbot and briefly as Moltbot, is a…

Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used A sophisticated espionage campaign attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom, previously undocumented backdoor named “Chrysalis”. This campaign, discovered by…

State-Sponsored Actors Hijacked Notepad++ Update Servers to Redirect Users to Malicious Servers The developer of Notepad++ has confirmed that a targeted attack by a likely Chinese state-sponsored threat actor compromised the project’s former shared hosting infrastructure between June and December 2025. The breach allowed attackers to intercept and selectively redirect update traffic to malicious servers,…

Ubisoft Rainbow Six Siege Servers Breach linked to MongoBleed Vulnerability The chaos surrounding Ubisoft escalated significantly today as the first group of hackers, previously known for silent exploits, initiated a highly visible and disruptive takeover of Rainbow Six Siege servers. Players worldwide are reporting a massive influx of in-game currency, unwarranted bans, and taunting messages…

TrustWallet Chrome Extension Hacked – Users Reporting Millions in Losses Many Trust Wallet users saw their wallets drained of over $7 million after a security breach in the Chrome browser extension version 2.68.0, released on December 24, 2025. Blockchain investigator ZachXBT first flagged the incident on X, noting a surge in unauthorized outflows from affected…

Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays A slight delay in keystrokes from a supposed U.S.-based IT worker alerted Amazon to a North Korean infiltrator accessing a corporate laptop. The commands should have zipped from the worker’s machine to Amazon’s Seattle headquarters in under 100 milliseconds. Instead, they trickled in…

Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by developer ISTOQMAH.…

Crypto User Loses $9,000 in Seconds After Clicking Instagram Ad Promising Easy Profits Jack, a Solana enthusiast using the Phantom wallet, fell victim to a sophisticated crypto drainer scam that wiped out $9,000 from his wallet almost instantly. He informed Cybersecurity News that the incident began with an attractive Instagram advertisement touting quick profits that…

Beware of Weaponized Google Meet Page uses ClickFix Technique to Deliver Malicious Payload A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security controls and…

London Councils’ IT Systems Impacted by CyberAttack, Including Phone Lines Three West London councils are struggling with significant disruption to IT systems and phone lines after a cyberattack on a shared services provider, which officials are publicly describing only as an “IT incident”. The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC),…

Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Devices and Networks An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for the…

Fake Postmark MCP Server Silently Stole Thousands of Emails With a Single Line of Malicious Code A malicious npm package masquerading as the official Postmark MCP Server has been exfiltrating user emails to an external server.  This fake “postmark-mcp” module, available on npm from versions 1.0.0 through 1.0.15, built trust over 15 incremental releases before…

New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations.  A newly demonstrated domain fronting technique weaponizes this trust to establish covert command-and-control (C2) channels, enabling attackers to tunnel…

First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code AI-powered malware, known as ‘MalTerminal’, uses OpenAI’s GPT-4 model to dynamically generate malicious code, including ransomware and reverse shells, marking a significant shift in how threats are developed and deployed. This discovery follows the recent analysis of PromptLock, another AI-driven malware, indicating a clear…

Heathrow and Other European Airports Hit by Cyberattack, Several Flights Delayed A major cyberattack on a popular aviation software provider has caused significant disruptions at key European airports, including London’s Heathrow, Brussels, and Berlin, resulting in hundreds of flight delays and cancellations on Saturday. The attack disabled electronic check-in and baggage drop systems, forcing airport…

UK Arrested 2 Scattered Spider Hackers Linked to London Transport System Breach UK law enforcement has arrested two individuals linked to the notorious Scattered Spider cybercriminal group, including 19-year-old Thalha Jubair from London, who faces charges in connection with over 120 network intrusions that resulted in more than $115 million in ransom payments.  The arrests…

Google Warns 2.5B Gmail Users to Reset Passwords Following Salesforce Data Breach Google has issued a broad security alert to its 2.5 billion Gmail users, advising them to enhance their account security in the wake of a data breach involving one of the company’s third-party Salesforce systems. The incident, which occurred in June 2025, has…

Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals.  The campaign represents one of the…

Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems.  This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage…