Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise SaaS platforms. The technique, detailed by Mitiga,…
Microsoft Warns Claude Code GitHub Action May Expose CI/CD Secrets
Anthropic’s Claude Code GitHub Action could unintentionally expose CI/CD workflow secrets when AI agents process untrusted GitHub content. The risk arises because certain tools the agent uses to read files were not sandboxed like subprocess execution paths such as Bash.…
EDRChoker Tool Abuses Windows QoS Policies to Disrupt Endpoint Security Tools
A newly disclosed red-team tool dubbed “EDRChoker” is drawing attention across the cybersecurity community for its novel approach to disrupting Endpoint Detection and Response (EDR) visibility by abusing Windows Policy-based Quality of Service (quality of service). Unlike traditional EDR evasion…
Hackers Exploit 2026 FIFA World Cup With Phishing and Ticket Scams
Cybercriminals are already turning the 2026 FIFA World Cup into a fraud opportunity, using phishing pages, fake online stores, and ticket scams to steal money and personal data. The risk is rising because the tournament will attract huge global demand,…
Free Samsung and LG Smart TV Apps Reportedly Exploit Devices for AI Proxy Traffic
Free apps available on Samsung, LG, Roku, and other connected TV (CTV) platforms are quietly enrolling users’ smart televisions into a commercial residential proxy network operated by Bright Data, according to a technical investigation published June 5, 2026, by Include…
New ChatGPT Lockdown Mode Aims to Block Prompt Injection and Data Exfiltration Attacks
OpenAI this week introduced Lockdown Mode, a security-focused setting for ChatGPT designed to reduce the risk of data exfiltration from prompt-injection attacks. The feature is rolling out to eligible personal accounts (Free, Go, Plus, Pro) and self-serve ChatGPT Business workspaces,…
Top 10 Best Software Composition Analysis (SCA) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. With modern applications consisting of over 80% open-source components, the attack surface has shifted drastically. Whether you are…
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life…
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are…
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles…
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service.…
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective…
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat that outpaces many traditional defenses. The operational logic for attackers is straightforward. Native utilities such as…
New Magecart Attack Abuses Stripe as Malware C2
A novel Magecart campaign that weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer metadata and delivering it to victim checkouts via Google Tag Manager. The combination makes Stripe both the command server…
Trend Micro Deep Security Agent Flaw Allows Repeatable Security Bypass
Trend Micro’s Deep Security Agent for Linux contains a design flaw in its behavior-monitoring stack that allows a local, unprivileged attacker to repeatedly force short “blind spots” in which endpoint protections are temporarily bypassed. The issue stems from how the…
Hola Browser Windows Delivery Pipeline Hijacked to Deploy Cryptominer
An undeclared executable bundled with Hola Browser for Windows (version 1.251.91.0) that later proved to be a crypto‑miner. The binary, written to C:\Program Files\Hola\me.exe in affected installs, was not part of the certified footprint, lacked code signing and a timestamp,…
Hugging Face Transformers Security Flaw Allows Remote Code Execution
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE) through a malicious model configuration. Discovered by Pluto Security researcher Yotam Perkal, the issue allows attackers…
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct components and multi-architecture payloads that maximize reach across heterogeneous Linux devices. The operator delivered C0XMO by…
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat leverages ostensibly helpful Chrome extensions VPNs, sidebars, and “AI assistants” to intercept agentic-AI interactions, exfiltrate…