Iran-Linked Hackers Wipe IT and Recovery Systems in Middle East Cyberattack
Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and b...
GBHackers
20 articles
Meta AI Vulnerability Allegedly Enables Instagram Password Resets
Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by a...
Microsoft KB5089573 Fixes Windows 11 Patch Tuesday Install Failures
Microsoft has released cumulative update KB5089573 for Windows 11 versions 24H2 and 25H2, aimed at improving stability and resolving installation issues repo...
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Microsoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is ...
Hackers Target Signal Users to Steal Backups in New Attack Wave
Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly priv...
Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited in the Wild
A critical authentication-bypass vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access is being actively exploited by malicious actors. In resp...
Google Chrome’s DBSC Now Generally Available to Prevent Account Takeovers
Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers...
SideCopy Deploys Persistent XenoRAT Against Afghanistan Finance Ministry
Pakistan-linked threat actor SideCopy has launched a highly targeted spear-phishing campaign against Afghanistan’s Ministry of Finance (MoF). The operation s...
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggre...
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campai...
GREYVIBE Threat Actors Use ChatGPT and Google Gemini to Scale Cyberattack Operations
Threat actors are increasingly turning to generative AI tools such as ChatGPT and Google Gemini to accelerate cyberattack operations, lowering technical barr...
Malicious NuGet Package Disguised as Sicoob SDK Exfiltrates Banking Passwords
A newly discovered malicious NuGet package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking cre...
Trusted Dev Tools Abused to Steal Code and Secrets
Attackers are increasingly weaponizing trusted developer tools to infiltrate software supply chains, with CISA warning of multiple ongoing campaigns targetin...
Typosquatted npm Packages Steal Cloud and CI/CD Secrets
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers acti...
GitLab Patches Multiple Duo AI, DoS, and Authorisation Vulnerabilities
GitLab has released patch versions 19.0.
Fake Adobe Document Cloud Pages Spread ScreenConnect Malware
Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophist...
Samba Security Flaw Lets Attackers Execute Code Remotely
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on ...
Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed ...
OpenVPN Connect macOS Vulnerability Allows Remote Command Execution
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on...
Claude Opus 4.8 Released With Advanced Engineering-Level Coding Capabilities
Anthropic has announced the release of Claude Opus 4.8, a major upgrade to its flagship AI model that introduces advanced engineering-level coding capabiliti...