Microsoft Warns of Security Risks in New Agentic AI Feature
Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company…
Category: GBHackers
NVIDIA Isaac-GROOT Flaws Let Attackers Inject Malicious Code
NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system…
APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics
In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as…
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor
An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered…
Attackers Swap ‘m’ with ‘rn’ in Microsoft.com to Trick Users
A sophisticated phishing campaign is currently exploiting a subtle typographical illusion to deceive users into surrendering sensitive login credentials. Cybercriminals have registered the domain “rnicrosoft.com,”…
Hackers Leveraging WhatsApp to Silently Harvest Logs and Contact Details
Security researchers at K7 Labs have uncovered a sophisticated phishing campaign targeting Brazilian users that exploits WhatsApp Web to distribute malware and steal sensitive financial…
ToddyCat APT Targeting Internal Employee Communications at Organizations
Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities.…
Tenda N300 Flaws Allow Attackers to Run Commands as Root
High command injection vulnerabilities have been discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 Pro model, allowing authenticated attackers to execute arbitrary…
North Korean Scam Job Platform Targets U.S. AI Developers
A sophisticated new variant of the North Korean-linked Contagious Interview campaign has emerged, featuring an unprecedented level of polish and technical sophistication designed to compromise…
New EtherHiding Technique Uses Web Attacks to Deploy Malware and Rotate Payloads
A new era of web-delivered malware has arrived with EtherHiding, a technique that fundamentally reshapes how attackers distribute and rotate malicious payloads. Unlike traditional threats…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information
Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package,…
PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins…