Category: GBHackers

Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
14 Oct 2025

Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure…

Malicious NPM Packages Used in Sophisticated Developer Cyberattack
14 Oct 2025

In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package…

SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
14 Oct 2025

A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes…

Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
14 Oct 2025

Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning…

North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
14 Oct 2025

In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and…

SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
14 Oct 2025

SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of…

Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
14 Oct 2025

Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could…

Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
14 Oct 2025

A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of…

Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
14 Oct 2025

Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and…

TA585 Deploys Novel Web-Injection to Deliver MonsterV2 Malware on Windows
14 Oct 2025

As cybercrime continues to evolve, new adversaries and innovative tactics challenge defenders daily. The recently emerged threat group TA585 exemplifies…

Simple Prompt Injection Lets Hackers Bypass OpenAI Guardrails Framework
14 Oct 2025

Security researchers have discovered a fundamental vulnerability in OpenAI’s newly released Guardrails framework that can be exploited using basic prompt…

Clevo UEFI Leak Allows Signing of Malicious Firmware with BootGuard Keys
14 Oct 2025

Clevo accidentally exposed private keys used in its Intel Boot Guard implementation, allowing attackers to sign malicious firmware that would…