APT36 Targets Indian Government: Credential Theft Campaign Uncovered
A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic...
Read more →Category: GBHackers
North Korean Hackers Exploit NPM Packages to Steal cryptocurrency and Sensitive Data
Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously...
Read more →
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
FortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply...
Read more →
MediaTek Chip Vulnerabilities Allow Attackers to Gain Elevated Access
MediaTek has disclosed three critical security vulnerabilities affecting dozens of its chipsets, potentially allowing attackers to gain elevated system privileges...
Read more →
Raspberry Robin Malware Targets Windows Systems via New CLFS Driver Exploit
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows...
Read more →
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware
The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber...
Read more →
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow...
Read more →
WAF Protections Bypassed via JS Injection and Parameter Pollution for XSS Attacks
A groundbreaking security research has revealed that parameter pollution techniques combined with JavaScript injection can bypass 70% of modern Web Application...
Read more →
LegalPwn Attack Tricks AI Tools Like ChatGPT and Gemini into Running Malicious Code
Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular...
Read more →
Claude AI Flaws Let Attackers Execute Unauthorized Commands Using the Model Itself
Security researchers have discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to bypass security restrictions and execute unauthorized...
Read more →
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH)...
Read more →
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since...
Read more →