Shai-Hulud 2.0 Cyberattack Compromises 30,000 Repos and Exposes 500 GitHub Accounts
The Shai-Hulud 2.0 supply chain attack has proven to be one of the most persistent and destructive malware campaigns targeting the developer ecosystem. Since the…
Category: GBHackers
Cutting Certificate Lifespan from 90 Days to 45 Days
Let’s Encrypt, the nonprofit certificate authority serving millions of websites, announced a significant shift in how it issues digital certificates. Starting in 2026, the organization…
New Calendly-Inspired Phishing Attack Aims to Steal Google Workspace Credentials
A long-running phishing campaign is abusing Calendly-branded job invitations to compromise Google Workspace and Facebook Business accounts, with a particular focus on hijacking ad management…
Critical Elementor Plugin Flaw Allows Attackers to Seize WordPress Admin Control
A severe privilege escalation vulnerability in the King Addons for Elementor WordPress plugin has exposed thousands of websites to complete administrative compromise. The flaw, tracked…
New Stealth K.G.B RAT Marketed by Threat Actors on Underground Forums
Threat actors on an underground cybercrime forum are allegedly promoting a new remote access Trojan (RAT) bundle dubbed “K.G.B RAT + Crypter + HVNC,” claiming…
Authorities Seize Domains Linked to Tai Chang Cryptocurrency Investment Scam
The United States Justice Department has seized a website domain used to steal money from Americans through fake cryptocurrency investments. The domain, tickmilleas.com, was operated…
Threat Actors Using Matanbuchus Downloader to Deliver Ransomware and Maintain Persistence
Threat actors are increasingly abusing the Matanbuchus malicious downloader as a key enabler for hands-on-keyboard ransomware operations, using its backdoor-like capabilities to deliver secondary payloads,…
Researchers Catch Lazarus Group’s Recruitment Workflow on Camera via Honeypot
A groundbreaking collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has lifted the curtain on North Korean threat actors from the Lazarus…
Multiple Django Vulnerability Expose Applications to SQL Injection and DoS Attacks
The Django development team has released critical security patches for three major versions of the popular Python web framework, addressing two significant vulnerabilities that could…
CISA Alerts on Iskra iHUB Authentication Flaw Allowing Remote Device Reconfiguration
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe authentication vulnerability affecting Iskra iHUB and iHUB Lite intelligent metering…
Water Saci Hackers Exploit AI Tools to Target WhatsApp Web Users
The Water Saci campaign targeting Brazilian users has escalated significantly, with threat actors demonstrating remarkable technical sophistication by employing artificial intelligence to enhance their malware…
Chrome 143 Update Patches 13 Security Vulnerabilities Allowing Arbitrary Code Execution
Google has released Chrome 143 to the stable channel, addressing 13 security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The…