Multiple Critical Flaws Fixed in Next.js and React Server Components
Vercel has released Next.js v16.
GBHackers
19 articles
Fake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads
28 fake “call history” utilities on Google Play, collectively installed more than 7.3 million times, have been exposed as subscription scams that generate fa...
CISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level Access
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto ...
Hackers Weaponize Claude AI in Attacks on Water and Drainage Utilities
Hackers have abused commercial Claude AI models to help compromise a Mexican water and drainage utility’s IT network and probe systems connected to critical ...
Claude and SpaceX Join Forces to Enhance Large-Scale Compute Capacity
Anthropic has officially announced a massive strategic partnership with SpaceX to expand its computing capabilities significantly. This collaboration aims to...
Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks
Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclo...
Fake Claude AI Installers Used to Spread Malware in New Cyber Scam
Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines high...
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrast...
Google Chrome 148 Released With Fixes for 127 Security Flaws
Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across W...
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America...
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying vi...
Redis Security Flaws Expose Servers to Remote Code Execution Risks
Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote...
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure,...
Cisco Network Flaw Exposes Devices to Remote Denial-of-Service Exploits
Cisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracke...
Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to ...
Fake Disk Cleanup Apps Fuel New macOS ClickFix Attack
A wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular c...
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espi...
WatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges on Windows
Multiple high-severity vulnerabilities in the WatchGuard Agent for Windows could allow malicious actors to elevate their privileges to the highest system lev...
Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control
A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSo...