GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling […]

The post Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A Kansas City man has pleaded guilty to federal charges after admitting he hacked into the computer systems of multiple organizations in an attempt to promote his cybersecurity services, according to the U.S. Department of Justice. Nicholas Michael Kloster, 32, was indicted last year after a series of unauthorized intrusions targeting three separate organizations in […]

The post Kansas City Man Pleads Guilty After Hacking to Promote His Cybersecurity Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Iranian threat group Educated Manticore, also tracked as APT35, APT42, Charming Kitten, or Mint Sandstorm, has intensified its cyber-espionage operations targeting Israeli cybersecurity experts, computer science professors, and journalists. Associated with the Islamic Revolutionary Guard Corps’ Intelligence Organization (IRGC-IO), this advanced persistent threat (APT) group has been under scrutiny by Check Point Research for […]

The post Iranian APT35 Hackers Targeting High-Profile Cybersecurity Experts and Professors in Israel appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A severe security flaw has been identified in IBM WebSphere Application Server, potentially allowing remote attackers to execute arbitrary code on affected systems. Tracked under CVE-2025-36038, this vulnerability stems from a deserialization of untrusted data issue, classified under CWE-502. IBM has assigned a critical CVSS Base Score of 9 to this flaw, with a vector […]

The post IBM WebSphere Application Server Flaw Enables Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A severe security flaw, dubbed nOAuth, has been identified in certain software-as-a-service (SaaS) applications integrated with Microsoft Entra ID, potentially allowing attackers to achieve full account takeover across tenant boundaries. Research conducted by Semperis, disclosed on June 26, 2025, revealed that 9 out of 104 tested applications approximately 9% within the Microsoft Entra App Gallery […]

The post nOAuth Exploit Enables Full Account Takeover of Entra Cross-Tenant SaaS Applications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers at BallisKit have introduced a sophisticated scenario within their MacroPack Pro tool to obfuscate and weaponize .NET assemblies, significantly enhancing their stealth against modern security solutions. As .NET has become a preferred language for crafting prominent offensive tools like Rubeus, SeatBelt, SharpDPAPI, and Certify over recent years, its widespread use has also drawn the […]

The post Researchers Weaponize and Obfuscate .NET Assemblies Using MacroPack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are increasingly leveraging the trusted names of popular software and services like ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams to orchestrate sophisticated cyberattacks. According to a recent report by Kaspersky Lab, SMBs, often perceived as less fortified than larger enterprises, are prime targets for both opportunistic hackers and organized cybercrime groups. Rising […]

The post Threat Actors Exploit ChatGPT, Cisco AnyConnect, Google Meet, and Teams in Attacks on SMBs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

WhatsApp has announced the upcoming launch of “Message Summaries”—an AI-powered feature designed to help users quickly catch up on unread messages. Powered by Meta AI, this innovation aims to provide concise, private summaries of chats, making it easier than ever to stay updated, especially during busy days or after periods without connectivity. Whether you’re rushing […]

The post WhatsApp to Introduce AI-Powered Message Summaries for Faster Catch-Up appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco has issued urgent security patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms. These flaws, which both carry the highest possible CVSS severity score of 10.0, could allow unauthenticated remote attackers to execute malicious commands as the root user, effectively taking complete control of affected […]

The post Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is rolling out a major update to Microsoft Teams, empowering administrators with enhanced control over third-party app availability through new rule-based settings in the Teams admin center. This change—detailed in Microsoft’s recent Message Center update (MC1085133)—is set to begin global rollout in mid-August 2025, with completion expected by early September 2025. The new feature, […]

The post Microsoft Teams Adds Feature for Admins to Control 365 Certified Apps with Custom Rules appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

 In a major breakthrough in the fight against cybercrime, U.S. and French authorities have charged and detained 25-year-old British national Kai West, believed to be the notorious hacker known as “IntelBroker.” West was arrested in France in February and is currently awaiting extradition to the United States, where he faces multiple federal charges related to […]

The post Authorities Charge 25-Year-Old British National Linked to IntelBroker Hacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals are increasingly leveraging large language models (LLMs) to amplify their hacking operations, utilizing both uncensored versions of these AI systems and custom-built criminal variants. LLMs, known for their ability to generate human-like text, write code, and solve complex problems, have become integral to various industries. However, their potential for misuse is evident as malicious […]

The post Cybercriminals Exploit LLM Models to Enhance Hacking Activities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hewlett Packard Enterprise (HPE) has issued a critical security bulletin warning customers of a significant vulnerability in its OneView for VMware vCenter (OV4VC) software. The flaw, tracked as CVE-2025-37101, could allow attackers with only read-only privileges to escalate their access and perform administrative actions, putting enterprise IT environments at risk. Vulnerability Overview The vulnerability, detailed […]

The post HPE OneView for VMware vCenter Vulnerability Allows Elevated Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm. Linked to the IRGC Intelligence Organization, this group has intensified its operations amid growing Iran-Israel tensions, targeting high-value individuals with meticulously crafted attacks. The campaign, which has seen […]

The post Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

IBM X-Force researchers have uncovered a series of targeted cyberattacks orchestrated by the China-aligned threat actor Hive0154. Throughout 2025, this group has been deploying the Pubload malware, a potent backdoor, through meticulously crafted phishing lures aimed at the Tibetan community. The timing of these campaigns is particularly notable, coinciding with significant events such as the […]

The post Chinese Hackers Deploy Pubload Malware Using Tibetan Community Lures and Weaponized Filenames appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CloudSEK’s TRIAD team has made the shocking discovery that the Androxgh0st botnet is a persistent and dynamic cyberthreat. It has targeted a subdomain of the University of California, San Diego, specifically the “USArhythms” portal associated with the USA Basketball Men’s U19 National Team for the 2025 FIBA Under-19 Basketball World Cup, to host its command-and-control […]

The post US University Targeted by Androxgh0st Botnet Operators for C2 Logger Hosting appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Proofpoint threat researchers have exposed an active account takeover (ATO) campaign, dubbed UNK_SneakyStrike, exploiting the TeamFiltration pentesting framework to target Microsoft Entra ID user accounts. Since December 2024, this malicious operation has impacted over 80,000 user accounts across hundreds of organizations, achieving several successful breaches. UNK_SneakyStrike Campaign The attackers have weaponized TeamFiltration a tool originally […]

The post Cybercriminals Use TeamFiltration Pentesting Framework to Breach Microsoft Teams, OneDrive, Outlook, and More appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have uncovered a new malware sample in the wild that employs a unique and unconventional evasion tactic: prompt injection aimed at manipulating AI models used in malware analysis. Dubbed “Skynet” by its creator, this malware, discovered in early June 2025 through an anonymous upload to VirusTotal from the Netherlands, represents a potential shift in […]

The post New Malware Discovered Using Prompt Injection to Manipulate AI Models in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A zero-day research project has uncovered eight new vulnerabilities in multifunction printers (MFPs) and related devices from Brother Industries, Ltd., affecting a staggering 748 models across five major vendors, including Brother, FUJIFILM Business Innovation, Ricoh, Toshiba Tec Corporation, and Konica Minolta, Inc. This extensive impact, detailed in a coordinated release with JPCERT/CC after over a […]

The post Multiple Brother Device Vulnerabilities Allow Attackers to Execute Arbitrary HTTP Requests appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated Android phishing campaign, aptly named “Wedding Invitation,” has emerged as a significant threat targeting mobile users across India. According to a detailed report from K7 Computing, this malicious operation leverages the guise of digital wedding invitations to deceive unsuspecting users into installing compromised APK files. Stealthy Phishing Campaign Distributed primarily through popular messaging […]

The post Beware of Weaponized Wedding Invite Scams Delivering SpyMax RAT to Android Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.