Tag: gbhackers
-
Fake Employee Performance Reports Deliver Guloader Malware
Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos…
-
Massive Instagram Data Breach Exposes Personal Details of 17.5 Million Users
A staggering cybersecurity incident has come to light, with 17.5 million Instagram users’ personal information exposed in a data breach advertised on dark web…
-
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
Cybercriminals are leveraging reports of Venezuelan President Nicolás Maduro’s arrest on January 3, 2025, to distribute backdoor malware through a sophisticated social engineering campaign….
-
Microsoft Introduces Teams External Collaboration Administrator Role
Microsoft is expanding its administrative capabilities in Teams by introducing a new built-in role called Teams External Collaboration Administrator. This specialized RBAC role enables organizations to delegate external…
-
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
Arctic Wolf Labs has uncovered a new ransomware variant dubbed “Fog” striking US organizations, primarily in education and recreation, through hijacked VPN access. First…
-
xRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center (ASEC) has uncovered a dangerous distribution campaign targeting Windows users through Korean web hard services. Threat actors are leveraging xRAT…
-
OWASP CRS Vulnerability Enables Charset Validation Bypass
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach…
-
New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys
In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID…
-
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake…
-
Trump Signals Possible Cyber Involvement in Caracas Power Loss During Maduro Extraction
President Donald Trump has strongly hinted that the United States used offensive cyber capabilities to help plunge Caracas into darkness during the operation to capture Venezuelan…
-
Cisco ISE Vulnerability Enables Access to Sensitive Data
Cisco has disclosed a new XML External Entity (XXE) vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that…
-
ChatGPT Health: A New Secure Space for Trusted Health and Medical Conversations
ChatGPT Health is launching as a dedicated health-focused version of ChatGPT that combines personalized health data with stronger privacy and security controls to support, not replace, conversations with clinicians. The…
-
GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution
Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enable cross-site scripting, authorization bypass, and…
-
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials
A sophisticated credential-harvesting operation conducted by BlueDelta, a Russian state-sponsored threat group linked to the GRU’s Main Directorate, targeted critical infrastructure organizations and research…
-
Three Malicious NPM Packages Target Developers’ Login Credentials
Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The…
-
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Linux laptop users are being urged to update after a flaw in a popular battery optimisation tool was found to allow authentication bypass and system tampering. The…
-
ownCloud Warns Users to Enable MFA After Credential Theft Incident
ownCloud has issued an urgent security advisory urging users to enable Multi-Factor Authentication (MFA) following a credential theft incident reported by threat intelligence firm…
-
Veeam Backup Vulnerability Exposes Systems to Root-Level Remote Code Execution
Veeam has released a critical security update for its Backup & Replication software to address multiple high-severity vulnerabilities. The most concerning of these flaws could allow attackers…
-
Black Cat Hacker Group Uses Fake Notepad++ Websites to Distribute Malware and Steal Data
A sophisticated cyberattack campaign orchestrated by the notorious “Black Cat” criminal gang has been uncovered by CNCERT and Microstep Online, revealing a coordinated effort…
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security…
-
Court Demands OpenAI Hand Over 20M Anonymized ChatGPT Chats in AI Copyright Dispute
A federal judge has ordered OpenAI to turn over 20 million anonymized ChatGPT conversation logs in a major copyright lawsuit, rejecting the company’s arguments…
-
Hackers Create Fake DocuSign Login Page to Steal User Credentials
Phishing attacks continue to dominate the cybercrime landscape as threat actors refine their social engineering tactics to evade detection systems. The FBI’s Internet Crime…
-
Hackers Steal $35M in Cryptocurrency Following LastPass Breach
Russian cybercriminals have laundered over $35 million in stolen cryptocurrency linked to the devastating 2022 LastPass breach, according to new forensic analysis by blockchain…
-
Attackers Leverage FortiWeb Vulnerabilities to Deploy Sliver C2 for Long-Term Access
Threat researchers have uncovered a sophisticated attack campaign targeting FortiWeb web application firewalls across multiple continents, with adversaries deploying the Sliver command-and-control framework to…
-
Kimwolf Botnet Exploits 2 Million Devices to Build a Global Proxy Infrastructure
A massive new botnet dubbed “Kimwolf” has infected over 2 million devices globally, transforming innocent users’ home internet connections into secret proxy nodes for…
-
ProfileHound: Post-Escalation Tool Designed to Achieve Red Team Objectives
ProfileHound emerges as a specialized post-exploitation instrument for offensive security professionals seeking to identify high-value targets within Active Directory environments. The tool addresses a…
-
GHOSTCREW: AI-Powered Red Team Toolkit Integrating Metasploit, Nmap, and More
A new open-source tool is bridging the gap between artificial intelligence and offensive security operations. GHOSTCREW is an advanced AI red team assistant that leverages Large…
-
Finnish Authorities Arrest Two Sailors in Probe Into Undersea Cable Disruption
Finnish authorities have detained a cargo vessel suspected of damaging an undersea telecommunications cable connecting Helsinki to Estonia. The incident has raised fresh concerns…
-
Handala Hackers Breach Telegram Accounts Linked to Israeli Officials
In December 2025, the Iran-linked hacking group known as Handala escalated its influence operations against Israel’s political establishment by publishing material it claimed was…
-
Google Tasks Feature Exploited in New Sophisticated Phishing Campaign
Over 3,000 organisations, predominantly in manufacturing, fell victim to a sophisticated phishing campaign in December 2025 that leveraged Google’s own application infrastructure to bypass…
-
Hacker Group Claims Responsibility for Alleged Tokyo FM Broadcasting Breach
A threat actor operating under the alias “victim” has claimed responsibility for a significant data breach targeting Tokyo FM Broadcasting Co., Ltd., a central…
-
Cognizant Faces Multiple US Class-Action Lawsuits After TriZetto Data Breach
Cognizant Technology Solutions is facing a wave of legal challenges in the United States following a significant data breach at its subsidiary, TriZetto Provider…
-
RondoDoX Botnet Abuses React2Shell Vulnerability for Malware Deployment
CloudSEK has uncovered a sustained nine-month campaign by the RondoDoX botnet operation, revealing rapid exploitation of emerging vulnerabilities including the critical React2Shell vulnerability. Analysis…
-
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS…
-
New Cybercrime Tool “ErrTraffic” Enables Automated ClickFix Attacks
The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive…
-
NeuroSploit v2 Launches as AI-Powered Penetration Testing Framework
NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology,…
-
DarkSpectre Malware Campaign Hits Chrome, Edge, and Firefox Users
A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have…
-
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to…
-
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing…
-
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization…
-
ESET Flags Rising Threat of AI-Driven Malware and Ransomware
The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality,…
-
Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication
IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw,…
-
New Spear-Phishing Attack Targeting Security Individuals in the Israel Region
Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors….
-
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into…
-
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas…
-
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked…
-
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700,…
-
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox…
-
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital…
-
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple…
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The…
-
Google Introduces Option to Change @gmail.com Email Addresses
For years, Google users have been stuck with the email addresses they created when they first signed up. If you picked an embarrassing username…
-
Critical LangChain Vulnerability Allows Attackers to Steal Sensitive Secrets
A critical security vulnerability in LangChain, one of the world’s most widely deployed AI frameworks, enables attackers to extract environment variable secrets and, through…
-
Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls
A critical authentication bypass vulnerability in FortiGate devices enables threat actors to circumvent two-factor authentication (2FA) protections through case-sensitive username manipulation. The flaw, tracked…
-
Evasive Panda APT: Malware Delivery via AitM and DNS Poisoning
Evasive Panda, a sophisticated threat actor known by the aliases Bronze Highland, Daggerfly, and StormBamboo, has escalated its offensive capabilities through a two-year campaign…
-
Microsoft Enhances BitLocker with Hardware Acceleration Support
Microsoft has officially announced a major upgrade to its encryption technology with the introduction of hardware-accelerated BitLocker. Revealed by Microsoft’s Rafal Sosnowski following the…
-
NVIDIA Isaac Vulnerabilities Enable Remote Code Execution Attacks
NVIDIA released critical security updates for its Isaac Launchable platform on December 23, 2025, addressing three severe vulnerabilities that could allow unauthenticated attackers to…
-
Israeli Organizations Targeted by AV-Themed Malicious Word and PDF Files
SEQRITE Labs’ Advanced Persistent Threat (APT) Team has uncovered a sophisticated campaign targeting Israeli organizations through weaponized Microsoft Word and PDF documents disguised as…
-
M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens
A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web interface, enabling identity…
-
Operation PCPcat Exploits Next.js and React, Impacting 59,000+ Servers
A sophisticated credential-stealing campaign named “Operation PCPcat” has compromised over 59,000 Next.js servers worldwide, exploiting critical vulnerabilities in the popular React framework to harvest…
-
WebRAT Malware Campaign Leveraging GitHub-Hosted Proof-of-Concept Code
Cybersecurity specialists from the Solar 4RAYS cyberthreat research center, a division of the Solar Group, have uncovered a dangerous new malware strain dubbed “Webrat.”…
-
Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression
MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from database servers without authentication….
-
INTERPOL Dismantles Six Ransomware Operations, Detains 500+ Individuals
Law enforcement agencies across 19 countries have made a significant breakthrough in combating cybercrime, arresting 574 suspects and recovering approximately USD 3 million during…
-
HardBit 4.0 Ransomware Abuses Unsecured RDP and SMB for Access Persistence
HardBit ransomware continues its evolution with the release of version 4.0, introducing sophisticated mechanisms to establish persistence through vulnerable network services. The latest variant…
-
Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has disclosed a significant data breach affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. following unauthorized access to…
-
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Colombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts,…
-
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent “Income Tax Department” portals, representing a significant evolution in the…
-
Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems….
-
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel POSIX CPU Timers
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated…
-
Bangladeshi Operator of Fake ID Marketplaces Charged in International Fraud Case
A 29-year-old Bangladeshi man has been indicted on federal charges for operating online marketplaces that sold fraudulent identity document templates to customers worldwide, U.S….
-
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has identified over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to…
-
Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions
Microsoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other…
-
BlueDelta Hackers Target Users of Popular Ukrainian Webmail and News Service
Russian state-sponsored threat group BlueDelta has conducted a sustained credential-harvesting campaign targeting users of UKR.NET, one of Ukraine’s most popular webmail and news services,…
-
Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
In mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum….
-
Cloud Atlas Exploits Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas threat group, active since 2014, continues to pose a significant risk to organizations in Eastern Europe and Central Asia through sophisticated…
-
New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts
Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385,…
-
Scripted Sparrow Utilizes Automation to Generate and Dispatch Attack Messages
Scripted Sparrow, a prolific Business Email Compromise (BEC) collective with members spanning three continents, has raised significant concerns among cybersecurity researchers due to the…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260,…
-
Amazon Identified North Korean IT Worker by Tracking Keystroke Activity
Amazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator. The discovery was made not through traditional background checks but by…
-
Targeted Phishing Attack Strikes HubSpot Users
Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to…
-
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware
Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader…
-
Best Security Awareness Training Platforms For 2026
Security awareness training platforms empower organizations to combat rising cyber threats by educating employees on phishing, ransomware, and social engineering in 2026. These top…
-
Actively Exploited ASUS Vulnerability Added to CISA’s KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in…
-
New Reports Reveal WAFs Are Ineffective Against Latest React2Shell Exploit
TEL AVIV, Israel, Dec. 17, 2025: Miggo Security has released a comprehensive benchmark study revealing critical gaps in Web Application Firewall (WAF) protection, with the…
-
Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges
SonicWall has issued an urgent security advisory warning of active exploitation of a local privilege escalation vulnerability affecting its SMA1000 appliances. The flaw, tracked…
-
GhostPoster Attack Uses PNG Icons to Compromise 50,000 Firefox Users
A sophisticated malware campaign dubbed “GhostPoster” has compromised approximately 50,000 Firefox users by exploiting browser extension icons. Security researchers at Koi Security discovered that…
-
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for…
-
ClickFix Spoof of “Word Online” Used to Spread DarkGate Malware
A sophisticated social engineering campaign leveraging a fake “Word Online” extension error message has been discovered distributing the notorious DarkGate malware. This attack employs…
-
New Moonwalk++ PoC Demonstrates How Malware Can Forge Windows Call Stacks to Evade Detection
Security researchers have unveiled a dangerous new technique that allows malware to completely hide its tracks by faking Windows call stacks, a method designed…
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated…
-
Shannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code Vulnerabilities
Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that…
-
Frogblight Android Malware Spoofs Government Sites to Collect SMS and Device Details
Kaspersky security researchers have uncovered a sophisticated Android banking Trojan called Frogblight that targets Turkish users by impersonating legitimate government applications. First detected in…
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal…
-
ClickFix Attack Abuses finger.exe to Execute Malicious Code
Cybersecurity researchers have identified a resurgence in the abuse of legacy Windows protocols, specifically the finger.exe command, to facilitate social engineering attacks. Since November…
-
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes…
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy…
-
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute…
-
Critical Plesk Vulnerability Allows Users to Gain Root-Level Access
A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and…
-
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The…
-
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs….