Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware

Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, also known as UAC-0001. The campaign, named Operation Neusploit, uses a recently discovered Microsoft Office vulnerability called CVE-2026-21509. Security researchers from Zscaler ThreatLabz revealed that the attackers began exploiting the weakness just days after Microsoft publicly disclosed it. The attacks…

Google Uncovered Significant Expansion in ShinyHunters Threat Landscape

The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These cybercriminals use voice phishing and fake credential-harvesting websites to steal login information from employees. Once they gain access, they extract sensitive data from cloud software applications and use this information to demand ransom payments from…

Grubhub confirms data breach: hackers demand ransom tied to Salesforce attacks

Grubhub confirms it’s been hacked after unauthorized actors gain access to internal systems. The attackers reportedly gained access through credentials stolen during the Salesloft breach last August. Salesloft, a sales engagement platform, suffered a compromise that exposed OAuth tokens for multiple integrated services. Those tokens provided persistent access that attackers exploited months later. Grubhub confirmed…

Chinese-Linked Cyberespionage Group Mustang Panda Targets U.S. Government

The Chinese-linked cyberespionage group ‘Mustang Panda’ targeted U.S. government and policy-related officials with phishing emails themed around Venezuela. The campaign, uncovered by Acronis, exploited geopolitical events to infect systems and steal data. The U.S. Department of Justice recognizes Mustang Panda as a hacker group backed by China. Chinese-linked cyberespionage group, identified as ‘Mustang Panda,’…

One of the largest US broadband providers investigates breach

Crimson Collective claims to have stolen PII on 1M+ Brightspeed customers, including names, emails, phone numbers, and partial payment data. Brightspeed has not confirmed the breach, saying it is investigating reports of a cybersecurity event. The company, headquartered in Charlotte, NC, operates fiber broadband across 20 states and serves millions of premises. One of the…

Russian Defense firms targeted by hackers using AI, other tactics

Russian technology companies working on air defense, sensitive electronics and other defense applications were targeted in recent weeks by a cyber espionage group using AI-generated decoy documents, according to a cybersecurity analyst. The discovery by cybersecurity firm Intezer shows how AI tools can be easily harnessed for high-stakes operations, senior security researcher Nicole Fishbein said,…

Cisco says China-linked hackers exploiting insecure setting in security products

China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target networks for at least the past several weeks. The hacker group, which Cisco tracks as UAT-9686, has been taking advantage of an insecure setting in Cisco’s AsyncOS software, which powers the company’s email and web security devices and virtual platforms, Cisco…

700Credit Data Breach Impacts 5.8 Million Individuals

Credit report and identity verification services provider 700Credit has disclosed a data breach impacting more than 5.8 million individuals. 700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for automotive, marine, powersports, and RV dealers in North America. It serves roughly 18,000 dealerships. The incident, the company says, was…

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

The cybersecurity industry is on high alert following the disclosure of a critical React vulnerability that can be exploited by a remote, unauthenticated attacker for remote code execution. React (React.js) is an open source JavaScript library designed for creating application user interfaces. Maintained by Meta and a large community of companies and individual developers from…

FCC says hackers hijack US radio gear to send false alerts

Hackers are hijacking U.S. radio transmission equipment to broadcast bogus emergency messages and obscene language, the Federal Communications Commission said on Wednesday. In a public notice, the FCC said a “recent string of cyber intrusions against various radio broadcasters” had occurred, resulting in the issuance of the U.S. Emergency Alert System’s “Attention Signal.”…
