Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments
A sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation,...
Read more →Category: GBHackers
Prompt Injection Attacks Can Exploit AI-Powered Cybersecurity Tools
Researchers have demonstrated that advanced prompt injection techniques can turn defensive AI agents into potent vectors for system compromise. The...
Read more →
Ukrainian Hackers Ramp Up Brute-Force and Password-Spraying Attacks on VPN and RDP Systems
In mid-2025, a coalition of Ukraine-based autonomous systems orchestrated unprecedented brute-force and password-spraying campaigns against exposed SSL VPN and Remote...
Read more →
Hackers Can Hijack Your Chats
Users of the popular messaging app WhatsApp are being targeted by a new, highly deceptive scam that grants attackers full...
Read more →
Azure AD Vulnerability Leaks Credentials, Lets Attackers Deploy Malicious Apps
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries...
Read more →
HashiCorp Vault Vulnerability Allows Attackers to Crash Servers
A critical vulnerability in HashiCorp Vault—tracked as CVE-2025-6203 and HCSEC-2025-24—has been disclosed that allows malicious actors to submit specially crafted...
Read more →
Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms....
Read more →
Microsoft to Require Multi-Factor Authentication on Azure Portal Logins
Microsoft announced that it will enforce mandatory multi-factor authentication (MFA) for all sign-in attempts to the Azure portal and other administrative interfaces....
Read more →
New TinkyWinkey Trojan Targets Windows Systems With Sophisticated Keylogging
A sophisticated new keylogger malware dubbed “TinkyWinkey” that is targeting Windows systems with advanced stealth capabilities and comprehensive data exfiltration...
Read more →
Critical Next.js Flaw Lets Attackers Bypass Authorization Controls
A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks...
Read more →
Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems
A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers. Okta...
Read more →
Google Web Designer Vulnerability Lets Hackers Take Over Client Systems
A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according...
Read more →