Hackers Target SharePoint Flaw to Access IIS Machine Keys
Zero-day exploits against Microsoft SharePoint are enabling attackers to extract IIS machine keys, establishing persistent backdoors that survive patches and...
Read more →Category: GBHackers
Cloudflare Accuses Perplexity AI of Bypassing Firewalls with User-Agent Spoofing
Cloudflare has publicly accused Perplexity AI of employing deceptive crawling practices that violate established web crawling protocols and deliberately circumvent...
Read more →
Cisco Discloses Data Breach Exposed User Profiles from Cisco.com
Cisco Systems has disclosed a data breach that compromised basic profile information of users registered on Cisco.com following a successful...
Read more →
APT36 Targets Indian Government: Credential Theft Campaign Uncovered
A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic...
Read more →
North Korean Hackers Exploit NPM Packages to Steal cryptocurrency and Sensitive Data
Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously...
Read more →
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
FortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply...
Read more →
MediaTek Chip Vulnerabilities Allow Attackers to Gain Elevated Access
MediaTek has disclosed three critical security vulnerabilities affecting dozens of its chipsets, potentially allowing attackers to gain elevated system privileges...
Read more →
Raspberry Robin Malware Targets Windows Systems via New CLFS Driver Exploit
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows...
Read more →
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware
The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber...
Read more →
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow...
Read more →
WAF Protections Bypassed via JS Injection and Parameter Pollution for XSS Attacks
A groundbreaking security research has revealed that parameter pollution techniques combined with JavaScript injection can bypass 70% of modern Web Application...
Read more →
LegalPwn Attack Tricks AI Tools Like ChatGPT and Gemini into Running Malicious Code
Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular...
Read more →