tokens

November 28, 2025

Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams

The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in…
Read More »
November 24, 2025

Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware

Zapier’s NPM account has been successfully compromised, leading to the injection of the Shai Hulud malware into 425 packages currently…
Read More »
November 23, 2025

Hackers Use Salesforce Gainsight Breach to Access Data from More Than 200 Companies

Salesforce has disclosed a significant security incident involving unauthorized access to customer data through compromised Gainsight-published applications. The breach, detected…
Read More »
November 22, 2025

Advanced Features Bypass AI Detection and Steal Password Manager Data

The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across…
Read More »
November 21, 2025

Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Gain Higher Privileges

Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges…
Read More »
November 14, 2025

Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens

On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm…
Read More »
November 12, 2025

Hackers Exploit SSRF Flaw in Custom GPTs to Steal ChatGPT Secrets

A cybersecurity researcher has uncovered a server-side request forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, hidden in the Custom…
Read More »
November 4, 2025

Open VSX Registry Responds to Leaked Tokens and Malicious Extension Incident

The Open VSX team and Eclipse Foundation have addressed a significant security incident involving leaked authentication tokens and malicious extensions…
Read More »
November 3, 2025

New BOF Tool Bypasses Microsoft Teams Cookie Encryption to Steal User Chats

Cybersecurity researchers at Tier Zero Security have released a specialised Beacon Object File (BOF) tool that exploits a critical weakness…
Read More »
October 30, 2025

Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments

The cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance.…
Read More »
October 29, 2025

Massive Tata Motors Data Leak Exposes 70+ TB of Sensitive Information

Tata Motors, India’s largest automaker and a major player in the global automotive industry, suffered a catastrophic data exposure that…
Read More »
October 19, 2025

Critical Zimbra SSRF Flaw Exposes Sensitive Data

Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers…
Read More »
October 13, 2025

Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits

The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the…
Read More »
October 12, 2025

Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages – GBHackers Security

Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets,…
Read More »
October 9, 2025

GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities

GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise…
Read More »
October 5, 2025

SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials

The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target…
Read More »
September 27, 2025

Apache Airflow Vulnerability Lets Read-Only Users Access Sensitive Data

Apache Airflow maintainers have disclosed a serious security issue, tracked as CVE-2025-54831, that allows users holding only read permissions to…
Read More »
September 16, 2025

The Hidden Risks of Backdoor Injections

AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and…
Read More »
September 11, 2025

Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors

GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side…
Read More »
September 10, 2025

Meta Verified Scam Ads on Facebook Steal User Account Details

Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free…
Read More »

Previous page Next page