Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap
Washington D.C.
GBHackers
20 articles
73 Microsoft Packages Weaponized in Password Stealer Attack
GitHub disabled 73 repositories across four Microsoft organizations Azure, Azure-Samples, microsoft, and MicrosoftDocs inside a 105-second window. Each repo ...
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
Microsoft has disclosed a new zero-day vulnerability in the Windows Collaborative Translation Framework (CTFMON) that could allow attackers to gain elevated ...
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
An active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through AI cha...
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code thro...
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detec...
Malicious npm Package ‘dbmux’ Targets Developers
Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised.
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s cor...
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYST...
OpenClaw AI Agent Leaks Credentials in Phishing Simulation
Autonomous email agents can become high‑impact phishing victims, leaking cloud credentials and sensitive business data even when wrapped in explicit safety i...
Microsoft Patch Tuesday June 2026 Fixes 198 Vulnerabilities, Including 3 Zero-Days
Microsoft’s June 2026 Patch Tuesday fixes 198 vulnerabilities across Windows, Office, Azure and other Microsoft products, including three zero‑day flaws that...
Hackers Use ClickFix Chain to Deploy MLTBackdoor Malware
A sophisticated new backdoor family, tracked as MLTBackdoor, that operators are deploying through a multi-stage ClickFix infection chain to establish foothol...
Critical Veeam Flaw Could Let Attackers Execute Code on Backup Servers
A critical remote code execution vulnerability in Veeam Backup & Replication could allow attackers to compromise backup infrastructure, posing significant ri...
Hackers Use TikTok and Instagram Reels to Push Fake Software Malware
An emerging phishing vector that weaponizes short-form social videos on TikTok and Instagram Reels to distribute malware and funnel victims to malicious down...
Fortinet FortiSandbox Vulnerability Lets Attackers Execute Unauthorized Commands
Fortinet has disclosed a critical vulnerability in its FortiSandbox product that could allow attackers to execute unauthorized commands without authenticatio...
Google Issues Urgent Chrome Security Update for Exploited Zero-Day Flaw
Google has released an urgent security update for its Chrome browser, addressing multiple vulnerabilities, including a zero-day flaw actively exploited in th...
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads
Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background.
Microsoft Defender Adds Monitoring for RPC Protocol Abuse in Cyberattacks
Microsoft has introduced enhanced monitoring capabilities in Microsoft Defender for Endpoint to detect and disrupt cyberattacks that abuse the Remote Procedu...
LiteLLM Vulnerability Allows Attackers to Execute Arbitrary Commands on Servers
A critical vulnerability chain affecting LiteLLM has been identified, enabling unauthenticated remote code execution (RCE) on exposed servers. Tracked as CVE...
New BitB Phishing Attack Targets Microsoft 365 Logins
A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enou...