-
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly observed intrusion demonstrates how attackers are replacing static playbooks with AI-driven agents that adapt in real time. The attack began on May 10, 2026, როდესაც threat actors exploited CVE-2026-39987, a remote code execution flaw in the marimo notebook environment. Once inside, the attacker harvested cloud credentials from environment files and system paths. Unlike […]
The post Hackers Pivot from marimo RCE to Internal Database Using LLM Agent appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
·
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now – meanwhile some researcher casually drops a technique that turns a “minor” foothold into total account¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – May. 28, 2026– Read the full story in Daily Mirror
Hilmy Cader warns that the intensity and sophistication of cybercrime, now supercharged by the pervasive use of Generative AI, is overwhelming governments, enterprises and consumers worldwide.
“Cybersecurity must be treated as a strategic emergency,” says Cader, CEO at MTI Consulting, an international strategy consultancy with offices in Africa, Australia, England, Bahrain, Canada, and Sri Lanka.
Cybersecurity Ventures predicted that global cybercrime costs would reach $ 10.5 trillion USD annually by 2025 — making it the world’s third-largest economy, if measured by GDP. This staggering figure underscores the scale of the threat and the need for immediate action.
Sri Lanka, an island country lying in the Indian Ocean with a population of around 22 million, is not immune.
The Sri Lanka Computer Emergency Readiness Team continues to report a sharp rise in phishing and ransomware incidents. As Sri Lanka accelerates digital adoption in banking, e-commerce and government services, the risks of cybercrime grow exponentially.
The Morning reports that local experts warn weak governance and poor awareness are leaving State systems exposed and that Business Email Compromise (BEC) is also on the rise.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post Sri Lanka CERT Reports Sharp Rise In Phishing And Ransomware Incidents appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious websites can now exploit subtle SSD timing signals in modern browsers to quietly track what users are doing on their devices, including which sites and apps they open, using a new side‑channel technique called FROST. Security researchers Hannesweissteiner have revealed that a single drive‑by visit to a booby‑trapped page is enough for an attacker […]
The post Malicious Websites Exploit SSD Timing Signals to Monitor Visitor Activity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password Manager (GPM) PIN can expose an entire user credential vault. The attack shows that even passkeys widely promoted as phishing-resistant can be indirectly compromised when attackers target the underlying sync infrastructure […]
The post VaultJacking Attack Exposes Google Password Vaults via Single PIN appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As mobile usage continues to dominate the digital landscape, securing mobile applications has never been more critical. The year 2026 brings new challenges to the table: sophisticated AI-driven cyberattacks, complex vulnerabilities, and the rapid evolution of continuous integration workflows. For enterprises and developers, relying on outdated security measures is no longer a viable strategy; proactive […]
The post Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to access private container images without credentials. This flaw poses a serious risk as it can expose sensitive application data, including source code, secrets, and infrastructure configurations. Due to its severity and ease of exploitation, security experts […]
The post Gitea Container Registry Vulnerability Could Lead to Private Image Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by OX Security researchers, the package, named mouse5212-super-formatter, operates as an infostealer that silently exfiltrates sensitive files from compromised systems while masquerading as a legitimate development utility. The package, which has already reached […]
The post AI-Generated npm Malware Leaks Hacker’s Private GitHub Token appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶