Attack List - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 20.6.26 | GhostTree Attack Abused Recursive Windows Junctions to Hide Malware | GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. | Attack | BleepingComputer |
| 20.6.26 | AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution | Microsoft researchers have detailed an exploit chain, named AutoJack , that turns an AI browsing agent into a delivery vehicle for remote code | Attack | The Hacker News |
| 9.6.26 | New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing | A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The | Attack | The Hacker News |
| 7.6.26 | New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. | Attack | BleepingComputer |
| 3.6.26 | New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare | Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, | Attack | The Hacker News |
| 3.5.26 | ConsentFix v3 attacks target Azure with automated OAuth abuse | A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. | Attack | BleepingComputer |
| 2.5.26 | Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know | Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. | Attack | BleepingComputer |
| 12.4.26 | CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads | Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. | Attack | |
| 11.4.26 | New GPUBreach attack enables system takeover via GPU rowhammer | A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. | Attack | |
| 8.4.26 | New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips | New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to | Attack | The Hacker News |
| 7.3.26 | Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers | A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. | Attack | BleepingComputer |
| 7.3.26 | How a Brute Force Attack Unmasked a Ransomware Infrastructure Network | A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. | Attack | BleepingComputer |
| 5.3.26 | ClawJacked attack let malicious websites hijack OpenClaw to steal data | Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. | Attack | |
| 31.1.26 | Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms | Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks | Attack | The Hacker News |
| 28.1.26 | When Zoom Phishes You: Unmasking a Novel TOAD Attack Hidden in Legitimate Infrastructure | Prophet AI uncovers a Telephone-Oriented Attack Delivery (TOAD) campaign weaponizing Zoom's own authentication infrastructure. | Attack | The Hacker News |