A new phishing campaign is exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack, active since December 2025, specifically targets professionals and enterprises in North America, with over 44%…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real‑time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI‑assisted functionality is focused on persistence rather…
China’s Parallel CVE Systems Expose Alternate Vulnerability Disclosure Timeline
Beyond CVE, China’s dual vulnerability databases, CNVD and CNNVD, show that vulnerability disclosure is not a single, global, unified process but a set of parallel systems with different rules, incentives, and timelines. China runs two national vulnerability databases: CNNVD, operated…
Citizen Lab Finds Evidence of Mobile Data Extraction from Detained Kenyan Activist
Citizen Lab says it found forensic evidence that Cellebrite’s mobile extraction technology was used on a Samsung Android phone belonging to detained Kenyan activist and politician Boniface Mwangi while the device was in police custody in July 2025. The group…
Researchers Uncover DoS Vulnerabilities in Socomec DIRIS M-70 IIoT Power Meter via Thread Emulation & Fuzzing
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socomec DIRIS M-70 gateway is a central communications…
Microsoft Defender Introduces Centralized Script Library Powered by Copilot for Live Response
Microsoft has unveiled a significant enhancement to its Defender platform: centralized library management for live response operations, powered by Microsoft Security Copilot. This new capability addresses a critical workflow limitation that previously required security analysts to upload scripts and tools…
Threat Actors Using Fake Google Forms Site to Harvest Google Logins
In a new phishing campaign, threat actors are using a convincing fake version of Google Forms to steal Google account credentials. Cybercriminals are once again exploiting a trusted brand, Google, to trick job seekers and steal their credentials. The…
CISA Alerts Organizations to Honeywell CCTV Flaw Enabling Account Takeovers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting multiple Honeywell CCTV camera products that could allow attackers to take over user accounts and gain unauthorized access to camera feeds. The flaw,…
Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via DNS
Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The “ClickFix” tactic, which typically tricks users into copying and pasting malicious scripts to “fix” a fake browser error, has undergone significant evolution.…
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and…
Stealthy Crypto-Mining Malware Jumps Air-Gaps, Spreads via External Drives
Cryptojacking, the unauthorized use of a victim’s computing resources to mine cryptocurrency, has transitioned from a browser-based nuisance (typified by Coinhive scripts) to a system-level threat utilizing advanced malware techniques. The infection chain starts with a familiar lure: cracked “premium”…
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
OpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability…
New Threat Emerges as Attackers Leverage Grok and Copilot to Evade Security Monitoring
Researchers at Check Point Research (CPR) have uncovered a novel technique where cybercriminals utilize popular AI platforms like Grok and Microsoft Copilot to orchestrate covert attacks. This method transforms benign AI web services into proxies for Command and Control (C2)…
Researchers Expose DigitStealer C2 Infrastructure Targeting macOS Users
DigitStealer’s expanding command-and-control (C2) footprint is exposing more of its backend than its operators likely intended, giving defenders fresh opportunities to track and block new infrastructure linked to the macOS‑targeting infostealer. Unlike many popular stealers, it does not expose a…
Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails Through AI Summaries
A security flaw in Microsoft 365 Copilot is currently causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, essentially bypassing configured Data Loss Prevention (DLP) policies. This vulnerability exposes potentially sensitive organizational data to unauthorized…
Critical MCP Server Enables Arbitrary Code Execution and Sensitive Data Exfiltration
MCP servers can silently turn AI assistants into powerful attack platforms, enabling arbitrary code execution, large‑scale data exfiltration, and stealthy user manipulation across both local machines and cloud environments. New research and recent real‑world incidents show that this emerging ecosystem…
OpenClaw AI Framework v2026.2.17 Adds Anthropic Model Support Amid Credential Theft Bug Concerns
OpenClaw, the open-source autonomous AI assistant that has gained widespread adoption in early 2026, released version v2026.2.17 on February 17, 2026, introducing support for Anthropic’s latest Claude Sonnet 4.6 model. The release comes amid growing security concerns after researchers documented…
Cryptocurrency Scams in Asia Combine Malvertising and Pig Butchering, Causing Losses Up to ¥10 Million
A rising wave of cryptocurrency scams sweeping across Asia is blending two major fraud techniques, malvertising and pig butchering, to create a more deceptive and scalable attack model. The scams begin with malvertising, where attackers run ads impersonating well‑known financial experts or promoting…
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise‑wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side‑loading, and dual malware families…