Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data
A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named…
Category: GBHackers
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User
A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user…
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution
Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code…
New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054
Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that…
Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
The U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit…
Electronic Arts Blocks 300,000 Cheating Attempts After Battlefield 6 Beta Launch
Electronic Arts’ SPEAR Anti-Cheat Team has released a noteworthy update, stating that since the Battlefield 6 Open Beta Early Access launch, the company’s Javelin anti-cheat…
1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter Plugin
Jenkins disclosed CVE-2025-53652, also known as SECURITY-3419, as part of a batch of 31 plugin vulnerabilities. Initially rated as medium severity, this flaw affects the…
PoisonSeed Phishing Kit Bypasses MFA to Steal Credentials from Users and Organizations
The threat actor known as PoisonSeed, loosely affiliated with groups like Scattered Spider and CryptoChameleon, has deployed an active phishing kit designed to circumvent multi-factor…
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
The threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading…
Fortinet SSL VPN Targeted by Hackers from 780 Unique IP Addresses
Cybersecurity researchers at GreyNoise have detected an alarming surge in brute-force attacks against Fortinet SSL VPN systems, with over 780 unique IP addresses launching coordinated…
Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks
Ivanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to…
Citrix NetScaler Flaw (CVE-2025-6543) Is Being Actively Exploited to Breach Organizations
The National Cyber Security Centre (NCSC) in the Netherlands has issued an urgent update on a series of sophisticated cyberattacks exploiting a zero-day vulnerability in…