EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end‑to‑end factory for Business Email Compromise (BEC) at…
Category: GBHackers
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Security researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late…
Anthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability Discovery
Anthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and exploit zero-day vulnerabilities. In response…
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These flaws span…
Russian Threat Actors Abuse Home Routers in Expanding DNS Hijacking Wave
Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and spy on organizations worldwide. Microsoft Threat Intelligence recently…
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote…
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
Seven new BPFDoor variants that push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use…
CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution
A team of AI-driven vulnerability hunting agents directed by security researcher Asim Viladi Oglu Manizada has discovered two critical security flaws in CUPS, the standard…
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in…
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released…
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may…
Google Brings Lazy Loading to Media Files in New Chrome Release
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims…