Category: GBHackers

BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
13
Nov
2025

BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration

New York, New York, November 13th, 2025, CyberNewsWire BreachLock, a global leader in offensive security, just announced a powerful new…

Share: X : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationFacebook : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationLinkedin : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationReddit : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationTelegram : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationWhatsApp : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New IntegrationEmail : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
13
Nov
2025

OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data

Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with…

Share: X : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataFacebook : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataLinkedin : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataReddit : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataTelegram : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataWhatsApp : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio DataEmail : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
13
Nov
2025

Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years

Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over…

Share: X : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsFacebook : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsLinkedin : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsReddit : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsTelegram : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsWhatsApp : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two YearsEmail : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
13
Nov
2025

Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens

On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm…

Share: X : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensFacebook : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensLinkedin : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensReddit : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensTelegram : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensWhatsApp : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal TokensEmail : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
13
Nov
2025

Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code

A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for…

Share: X : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeFacebook : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeLinkedin : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeReddit : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeTelegram : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeWhatsApp : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized CodeEmail : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
13
Nov
2025

CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day…

Share: X : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationFacebook : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationLinkedin : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationReddit : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationTelegram : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationWhatsApp : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege EscalationEmail : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software
13
Nov
2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management…

Share: X : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareFacebook : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareLinkedin : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareReddit : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareTelegram : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareWhatsApp : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate SoftwareEmail : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software
GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft
13
Nov
2025

GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft

GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt…

Share: X : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftFacebook : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftLinkedin : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftReddit : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftTelegram : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftWhatsApp : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data TheftEmail : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft
Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
13
Nov
2025

Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium

Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in…

Share: X : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumFacebook : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumLinkedin : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumReddit : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumTelegram : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumWhatsApp : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and ElysiumEmail : Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
13
Nov
2025

Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks

Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF)…

Share: X : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksFacebook : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksLinkedin : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksReddit : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksTelegram : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksWhatsApp : Kibana Vulnerabilities Expose Systems to SSRF and XSS AttacksEmail : Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
13
Nov
2025

Malicious Chrome Extension Grants Full Control Over Ethereum Wallet

Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered…

Share: X : Malicious Chrome Extension Grants Full Control Over Ethereum WalletFacebook : Malicious Chrome Extension Grants Full Control Over Ethereum WalletLinkedin : Malicious Chrome Extension Grants Full Control Over Ethereum WalletReddit : Malicious Chrome Extension Grants Full Control Over Ethereum WalletTelegram : Malicious Chrome Extension Grants Full Control Over Ethereum WalletWhatsApp : Malicious Chrome Extension Grants Full Control Over Ethereum WalletEmail : Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
13
Nov
2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across…

Share: X : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareFacebook : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareLinkedin : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareReddit : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareTelegram : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareWhatsApp : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer MalwareEmail : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware