OpenSSH 10.3 Released With Patch for Shell Injection and Other Security Flaws
the OpenSSH project released version 10.3 alongside its portable version 10.
GBHackers
20 articles
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) inf...
Top 10 Best SaaS Security Posture Management (SSPM) Tools 2026
The rapid and relentless adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed how businesses operate in 2026. From critical pr...
Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
The Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solu...
Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
A threat actor known as “Mr. Raccoon” claims to have breached Adobe, stealing a massive amount of sensitive data.
Akira-Style Ransomware Campaign Hits Windows Users Across South America
A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware ...
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
The international cybersecurity community was alerted to a major data breach involving Israeli military infrastructure. Handala, a recognized Iranian nation-...
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security ...
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that imp...
NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users
NoVoice is a new Android rootkit campaign that hid in more than 50 apps on Google Play, exploiting 22 vulnerabilities to hijack millions of older and unpatch...
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
The U.S.
Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit
Apple has officially expanded the rollout of iOS 18.7.
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Microsoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure a...
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applicatio...
New ZAP PTK Add-On Converts Browser Security Findings Into Native ZAP Alerts
The OWASP Zed Attack Proxy (ZAP) just received a massive upgrade for testing modern web applications. The release of the ZAP PTK Add-on 0.
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The fla...
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. Th...
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, co...
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access...
Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
Cisco has published an urgent security advisory for CVE-2026-20093, a critical 9.8-severity authentication bypass vulnerability affecting its Integrated Mana...