Attack List - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 3.5.26 | ConsentFix v3 attacks target Azure with automated OAuth abuse | A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. | Attack | BleepingComputer |
| 2.5.26 | Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know | Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. | Attack | BleepingComputer |
| 12.4.26 | CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads | Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. | Attack | |
| 11.4.26 | New GPUBreach attack enables system takeover via GPU rowhammer | A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. | Attack | |
| 8.4.26 | New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips | New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to | Attack | The Hacker News |
| 7.3.26 | Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers | A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. | Attack | BleepingComputer |
| 7.3.26 | How a Brute Force Attack Unmasked a Ransomware Infrastructure Network | A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. | Attack | BleepingComputer |
| 5.3.26 | ClawJacked attack let malicious websites hijack OpenClaw to steal data | Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. | Attack | |
| 31.1.26 | Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms | Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks | Attack | The Hacker News |
| 28.1.26 | When Zoom Phishes You: Unmasking a Novel TOAD Attack Hidden in Legitimate Infrastructure | Prophet AI uncovers a Telephone-Oriented Attack Delivery (TOAD) campaign weaponizing Zoom's own authentication infrastructure. | Attack | The Hacker News |