A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have warned that threat actors are leveraging this mechanism to trick…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM
Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrastructure Security Agency…
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability, rated 8.1 CVSS, enables attackers to bypass namespace restrictions via…
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of…
Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists
Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat…
JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code. Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspecting visitors to malicious sites capable…
PoC Exploit Unveiled for Windows Disk Cleanup Elevation Vulnerability
Microsoft addressed a high-severity elevation of privilege vulnerability (CVE-2025-21420) in its Windows Disk Cleanup Utility (cleanmgr.exe) during February 2025’s Patch Tuesday. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTEM privileges through DLL…
Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected
On June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service disruptions, highlighting vulnerabilities in modern cloud dependencies. The outages impacted critical services ranging from authentication systems to AI platforms, underscoring the fragility of interconnected internet ecosystems.…
WebDAV Remote Code Execution 0-Day Actively Exploited — PoC Released
A critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked as CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon since March 2025. The flaw, patched in June’s Patch Tuesday, enables…
TokenBreak Exploit Tricks AI Models Using Minimal Input Changes
HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI text classification models by exploiting tokenization strategies. This vulnerability affects models designed to detect malicious inputs like prompt injection, spam, and toxic content, leaving protected systems…
Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware
Security researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack expired or deleted invite links and redirect unsuspecting users to malicious servers. This attack chain, discovered by Check Point Research,…
Threat Actors Exploit DeepSeek-R1 Popularity to Target Windows Device Users
A new, highly sophisticated cyberattack campaign is targeting users seeking to download the popular language model DeepSeek-R1, exploiting global interest in large language models (LLMs). Kaspersky researchers have uncovered that threat actors are utilizing malvertising and phishing tactics to distribute…
OpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature Verification
A critical vulnerability in OpenPGP.js, a widely used JavaScript library for encrypted messaging and digital signatures, has been patched after researchers discovered it allowed attackers to spoof message signatures, potentially undermining the trust model of public key cryptography. The flaw,…
Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT
A newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community for its sophisticated capabilities and its reliance on Telegram, the popular messaging platform, as its command-and-control (C2) infrastructure. First detected in the wild in May 2025,…
AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials
A dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelligence teams are sounding the alarm as…
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
A critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications…
Threat Actors Using Bat Files to Deploy Quasar RAT
Remote Access Trojans (RATs) like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovative anti-sandbox technique.…
137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data security challenges…
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community Edition…
Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity
Microsoft has addressed multiple critical issues affecting Windows Server 2025 domain controllers through its June 2025 Patch Tuesday updates, resolving authentication failures and network connectivity problems that have plagued administrators since April. The fixes come as part of update KB5060842,…