Category: GBHackers

Massive Scraper Botnet of 3,600+ Devices Targets US and UK Websites
10
Jul
2025

Massive Scraper Botnet of 3,600+ Devices Targets US and UK Websites

GreyNoise has discovered an undiscovered version of a scraper botnet with more than 3,600 distinct IP addresses worldwide, which is…

New Tool Automates GitHub Device Code Phishing Attacks
10
Jul
2025

New Tool Automates GitHub Device Code Phishing Attacks

Security researchers revealed the dangers of GitHub Device Code Phishing—a technique that leverages the OAuth 2.0 Device Authorization Grant flow….

McDonald’s AI Hiring Bot Exposed with ‘123456’ Password — Millions of Job Seekers’ Data at Risk
10
Jul
2025

McDonald’s AI Hiring Bot Exposed with ‘123456’ Password — Millions of Job Seekers’ Data at Risk

A shocking security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of millions of job applicants, after…

Critical mcp remote Vulnerability Enables LLM Clients to Remote Code Execution
10
Jul
2025

Critical mcp remote Vulnerability Enables LLM Clients to Remote Code Execution

The JFrog Security Research team has discovered a critical security vulnerability in mcp-remote, a widely used tool that enables Large…

Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
09
Jul
2025

Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk

A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to…

FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure
09
Jul
2025

FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure

A sophisticated threat network called “Triad Nexus,” which operates through the FUNNULL content delivery network (CDN) to hide malicious infrastructure…

Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
09
Jul
2025

Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server

Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious…

Reflectiz Joins the Datadog Marketplace
09
Jul
2025

Reflectiz Joins the Datadog Marketplace

Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG),…

Supply Chain Attack Unleashed via Compromised VS Code Extension
09
Jul
2025

Supply Chain Attack Unleashed via Compromised VS Code Extension

A sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with…

SparkKitty Malware Steals Photos from iOS and Android Devices
09
Jul
2025

SparkKitty Malware Steals Photos from iOS and Android Devices

A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with…

TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions
09
Jul
2025

TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions

A new Android vulnerability called TapTrap that allows malicious apps to bypass the operating system’s permission system without requiring any…

Hackers Exploit IIS Machine Keys to Breach Organizations
09
Jul
2025

Hackers Exploit IIS Machine Keys to Breach Organizations

A sophisticated campaign by an initial access broker (IAB) group exploiting leaked Machine Keys from ASP.NET websites to gain unauthorized…