In a new disclosure, security researchers revealed that a threat actor group called TigerJack has been publishing malicious extensions on Microsoft’s Visual Studio Code (VSCode) […]
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by…
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign…
Phishing training needs a new hook — here’s how to rethink your approach
Phishing is a tried-and-true attack vector. These attacks account for…
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
Cybersecurity researchers at Trend Micro have discovered an active attack…
NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction
Elastic Security Labs has officially released nightMARE version 0.16, a…
Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning legitimate-looking landing pages, these actors are duping users into submitting their login credentials, participating in faux “gift” surveys, and even falling victim to cryptocurrency scams. Security researchers note that these deceptive domains are already ensnaring […] The post Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. The original article found on GBHackers Security | #1 Globally Trusted Cyber Security News Platform Read More
Phishing training needs a new hook — here’s how to rethink your approach
Phishing is a tried-and-true attack vector. These attacks account for…
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign…
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by…
NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction
Elastic Security Labs has officially released nightMARE version 0.16, a…
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
Cybersecurity researchers at Trend Micro have discovered an active attack…
Weak Password Enables Ransomware Attack on 158-Year-Old Firm
A single compromised password has been identified as the catalyst…
Securing Agentic AI: How to Protect the Invisible Identity Access
AI agents promise to automate everything from financial reconciliations to…
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that…
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution
Google has released a critical security update for its Chrome…
Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks
A newly disclosed critical vulnerability in the Open VSX Registry,…
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the […]
Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code […]
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws […]
Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects […]
FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing […]
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, […]
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, […]
Africa Remains Top Global Target, Even as Attacks Decline
Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South. The […]
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers […]