Fake Video Player Updates Spread Miner and RAT Malware
Hackers are actively exploiting illegal streaming platforms to distribute advanced malware, using fake video player updates as a lure to infect unsuspecting ...
GBHackers
20 articles
Fake Codex Remote UI Steals OpenAI Auth Tokens
A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication token...
MicrosoftSystem64 Malware Abuses Hugging Face for Stealthy Data Theft
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a po...
Carnival Cruise Breach Leaks Sensitive Customer Information
Carnival Corporation has disclosed a significant data breach impacting approximately 5.99 million individuals, raising serious concerns about data security w...
Malicious RVTools Installer Uses Sectigo Cert to Evade SmartScreen
A malicious fake RVTools installer is abusing a legitimately issued Sectigo code‑signing certificate to slip past Microsoft Defender SmartScreen and many end...
New Gogs 0-Day Flaw Enables Remote Code Execution on Servers
A new 0-day vulnerability in Gogs, a popular self-hosted Git service, allows authenticated users to run arbitrary commands on the server and potentially take...
The CISO Whisperer’s Watch List For The Gartner Security & Risk Management Summit 2026
New York, USA, May 28th, 2026, CyberNewswire TVC Analyst Group has released its list of twelve cybersecurity companies identified for their activity and posi...
Hackers Pivot from marimo RCE to Internal Database Using LLM Agent
A newly observed intrusion demonstrates how attackers are replacing static playbooks with AI-driven agents that adapt in real time. The attack began on May 1...
Malicious Websites Exploit SSD Timing Signals to Monitor Visitor Activity
Malicious websites can now exploit subtle SSD timing signals in modern browsers to quietly track what users are doing on their devices, including which sites...
VaultJacking Attack Exposes Google Password Vaults via Single PIN
A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how ...
Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026
As mobile usage continues to dominate the digital landscape, securing mobile applications has never been more critical. The year 2026 brings new challenges t...
Gitea Container Registry Vulnerability Could Lead to Private Image Exposure
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to...
AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitH...
Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
Notepad++ has released version 8.9.
ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations
Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BS...
Roundcube Webmail Vulnerability Allows Hackers to Execute Malicious SQL Queries
Roundcube Webmail users are being urged to update their systems immediately after the disclosure of multiple security vulnerabilities, including a critical p...
Hackers Spread VIP Keylogger via Fake Business Emails
Hackers are actively deploying VIP Keylogger through phishing emails disguised as routine business documents, using multi‑layered loaders, steganography, and...
Motorola App Allegedly Hijacks Amazon App Activity to Insert Affiliate Referral Codes
Motorola is facing scrutiny after researchers and users discovered that its preinstalled Smart Feed app was silently hijacking launches of the Amazon Shoppin...
Microsoft Warns Against Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning to the cybersecurity community following a recent surge in publicly disclosed zero-day vulnerabilities without prior co...
Hackers Host JS Malware on GHOSTYNETWORKS and OMEGATECH
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large...