Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data
A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated.…
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and…
Anthropic has quietly flipped the script on application security. On February 20, the company launched Claude Code Security, a new capability baked directly into Claude Code…
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18,…
Federal authorities arrested three Silicon Valley engineers on Thursday, charging them with conspiring to steal trade secrets from Google and other tech giants. The case…
PayPal has begun notifying a small number of customers about a significant cybersecurity incident in which their personally identifiable information (PII) was exposed for nearly…
Google has revealed that it blocked more than 1.75 million malicious or policy‑violating Android apps from reaching users through the Play Store in 2025, highlighting…
A critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329, affecting Grandstream GXP1600 series VoIP phones. The vulnerability, rated as critical with a CVSS score of 9.8, allows remote attackers…
CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash‑and‑grab” credential theft and data exfiltration rather than long-term system control or destructive behavior.…
Ploutus malware is powering a new wave of “jackpotting” attacks that drain U.S. ATMs without needing a bank card, customer account, or bank authorization, prompting…
LLM-generated passwords may look complex and “high entropy,” but new research shows they are highly predictable, frequently repeated, and far weaker than traditional cryptographic password…
Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable…