Security researchers have discovered a sophisticated method that allows attackers to steal access tokens from Microsoft Teams, potentially granting unauthorized access to sensitive corporate communications, emails, and SharePoint documents. The attack vector represents a significant security risk for organizations relying…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Global SMS Phishing Campaign Traced to China Targets Users Worldwide
A sophisticated and widespread smishing campaign originating from China has emerged as a significant threat to users worldwide. Researchers have attributed the ongoing attack to a group known as the Smishing Triad, which has demonstrated unprecedented scale and complexity through…
Vulnerability in Perplexity’s Comet Browser Screenshot Feature Allows Malicious Prompt Injection
Researchers have discovered a critical security vulnerability in Perplexity’s Comet AI browser that allows attackers to inject malicious commands through hidden text in screenshots. The vulnerability, disclosed on October 21, 2025, demonstrates how AI-powered browsers can become dangerous gateways for…
Caminho Malware Loader Conceals .NET Payloads inside Images via LSB Steganography
Cybersecurity researchers at Arctic Wolf Labs have uncovered a cunning new threat dubbed Caminho, a Brazilian Loader-as-a-Service (LaaS) that’s turning everyday images into Trojan horses for malware. Active since March 2025 and evolved rapidly by June, this operation hides .NET…
Stealthy Malware Leveraging Variable Functions and Cookies for Evasion
Cybersecurity researchers at Wordfence Threat Intelligence and their Care and Response teams have observed a persistent trend in new malware that leverages heavy obfuscation techniques to evade detection. While some malware attempts to blend in as legitimate files, the more…
Cybercriminals Impersonate Aid Agencies to Lure Victims with Fake Financial Offers
Scammers have intensified their efforts to defraud vulnerable populations through sophisticated impersonation schemes and fraudulent financial aid offers, according to recent intelligence monitoring and law enforcement findings. The threat landscape reveals a coordinated, international ecosystem of fraud operations targeting individuals…
TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT
In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series…
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high…
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected…
Jingle Thief Hackers Exploit the Festive Season with Weaponized Gift Card Scams
Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed “Jingle Thief,” this operation exploits the festive shopping season when companies are most vulnerable to financial fraud schemes.…
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019,…
OpenAI Faces DHS Request to Disclose User’s ChatGPT Prompts in Investigation
Over the past year, federal agents struggled to uncover who operated a notorious child exploitation site on the dark web. Their search took an unexpected turn when the suspect revealed their use of ChatGPT, marking a significant moment in digital…
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application popular in Eastern-European and Russian gaming communities. The malware leverages the Telegram Bot API as…
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully…
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting…
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code…
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide.…
Critical Argument Injection Flaw in AI Agents Enables Remote Code Execution
AI-powered agents are increasingly relied upon to execute tasks like code analysis, file management, and automating workflows. However, a newly highlighted vulnerability argument injection shows how attackers can use these very capabilities to achieve remote code execution (RCE), even when…
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual…
Critical MCP Server Flaw Exposes Over 3,000 Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to potential attackers. Security researchers discovered a simple path traversal flaw that enabled unauthorized access to…