A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
A series of critical vulnerabilities affects the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication.…
AWS Urges Organizations to Turn Outbound Blind Spots Into Monitored Checkpoints
When securing an Amazon Web Services (AWS) estate, teams naturally concentrate on inbound protections (firewalls, WAFs, and IAM policies) because those defenses stop the most visible attacks. Yet outbound traffic often remains under-monitored, left permissive to avoid breaking dependencies or…
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,000 files related to Apple and Tesla’s manufacturing operations. The leaked data, which is said to amount to more…
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an unknown actor, making the attack far more complex than a conventional ransomware case. The incident began…
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVSS score of 9.2…
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as CVE-2026-8461 and named “PixelSmash,” affects the MagicYUV decoder within FFmpeg’s libavcodec library and has a CVSS…
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once considered a legitimate marketing tool to route visitors to different content or offers, TDS infrastructure is…
FlutterShell Malware Uses C2-Delivered JavaScript Payloads to Evade Sandbox Detection
Targeted macOS endpoint monitoring, the CL-CRI-1089 cluster tied to Operation FlutterBridge repurposes the Flutter framework to deliver a novel macOS malware family dubbed FlutterShell. Rather than rehashing prior campaign reporting, this piece treats recovered artifacts as a technical detection case…
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely…
FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls to capture authentication data on an unprecedented scale. Research from the SOCRadar Threat Research Unit (STRU) indicates that this operation has…
Two Scattered Spider Hackers Convicted Over Transport for London Cyber Attack
Two alleged members of the notorious Scattered Spider cybercrime collective have pleaded guilty to orchestrating a disruptive cyber attack against Transport for London (TfL). This marks a significant law enforcement victory against a group known for targeting large enterprises and…
CalPhishing Campaigns Use Outlook Calendar Invites to Deliver Persistent Phishing Lures
In a growing trend, attackers weaponize Microsoft 365 collaboration features to deliver persistent phishing lures via Outlook calendar invites. By abusing Microsoft 365 Groups and Outlook calendar functionality, threat actors move malicious intent out of a single suspicious message…
OpenAI Launches Daybreak to Automate Vulnerability Patching With GPT-5.5-Cyber
OpenAI has announced Daybreak, a new cybersecurity initiative aimed at automating vulnerability patching on a large scale using its latest GPT-5.5-Cyber model. This marks a shift from merely discovering vulnerabilities to focusing on end-to-end remediation. The initiative addresses a growing…
29-Year-Old Squid Proxy Vulnerability Exposes Authorization Headers and API Keys
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP authorization headers and API keys. This issue arises from a decades-old memory-handling flaw in Squid’s codebase, dating back…
ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations
A supply-chain weakness in ClawHub’s plugin registry allowed third-party packages to squat under organizational scopes and inherit first-party credibility. In a catalog review, Manifold found 23 code-executing plugins published under the @openclaw/ and @clawhub/ scopes by accounts that have…
QNAP Fixes 14 Vulnerabilities in QTS, QuTS Hero, QuTS Cloud, and QVP
QNAP has issued security advisory QSA-26-10, which addresses 14 vulnerabilities affecting its widely used NAS and surveillance platforms, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). These vulnerabilities were disclosed on April 6, 2026, and are categorized…
Microsoft 365 Sensitivity Labels Now Block AI-Powered Content Analysis in Office Apps
Microsoft has announced a significant update to its Microsoft 365 ecosystem to enhance data protection. This update will prevent AI-powered and connected content analysis in Office applications when sensitivity labels are applied. According to Microsoft, the company is expanding the…
Malicious npm Package Masquerades as PostCSS Utility to Deliver PowerShell Downloader
A malicious npm package, postcss-minify-selector-parser, has been discovered masquerading as a benign PostCSS utility and delivering a multi-stage Windows remote access trojan (RAT). The imposter deliberately mimics the widely used postcss-selector-parser, a legitimate library with more than 150 million weekly…
Multi-Stage Steganographic Loader Deploys Remcos RAT and Multiple Infostealers Globally
A suspicious file named “GST Debit Note Apr_26.com” triggered a deeper investigation and revealed a polished, multi-stage steganographic loader delivering Remcos RAT and multiple infostealers across a global phishing campaign. The initial sample arrived as an archive attachment and…