Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling...
Read more →Category: GBHackers
Beware of npm Phishing Emails Targeting Developer Credentials
An developer recently came across a highly advanced phishing email that spoofs the [email protected] address in order to impersonate npm,...
Read more →
APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment
Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in...
Read more →
Attackers Can Exploit Lighthouse Studio RCE Bug to Gain Server Access
Researchers at Assetnote have uncovered a critical remote code execution (RCE) vulnerability in Lighthouse Studio, a widely used survey software...
Read more →
KAWA4096 Ransomware Employs WMI Techniques to Delete Backup Snapshots
Trustwave SpiderLabs has played a crucial role in monitoring new ransomware variants in the incredibly unstable ransomware threat landscape of...
Read more →
AI-Powered Cloaking Tools Help Threat Actors Hide Malicious Domains from Security Scans
Threat actors are increasingly adopting AI-powered cloaking services to obfuscate phishing domains, counterfeit e-commerce sites, and malware distribution endpoints from...
Read more →
Researchers Release PoC Exploit for High-Severity NVIDIA AI Toolkit Bug
Wiz Research has disclosed a severe vulnerability in the NVIDIA Container Toolkit (NCT), dubbed #NVIDIAScape and tracked as CVE-2025-23266 with...
Read more →
Snake Keylogger Uses Persistence via Scheduled Tasks to Steal Login Data Undetected
Researchers have uncovered a sophisticated phishing campaign zeroing in on Turkish enterprises, with a particular focus on the defense and...
Read more →
PHP PDO Flaw Allows Attackers to Inject Malicious SQL Commands
A critical vulnerability in PHP’s widely-used PDO (PHP Data Objects) library has been discovered that enables attackers to inject malicious...
Read more →
Surveillance Firm Exploits SS7 Flaw to Track User Locations
A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’...
Read more →
CoinDCX Hack Leads to $44.2 Million Loss
Major Indian cryptocurrency exchange CoinDCX has confirmed a significant security breach that resulted in approximately $44 million in losses, though...
Read more →
Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated...
Read more →