-
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to harmful payloads. The main domain, toxicsnake-wifes[.]com, acts as a TDS node. It injects db.php with […]
The post Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooling (@angular/language-service 21.1.0-rc.0) and TypeScript 5.9.3. However, it contains malicious code hidden in the extension/index.js file, posing a severe supply-chain […]
The post Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released critical security updates for its GPU Display Drivers after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code and escalate privileges on affected systems. The security bulletin, published on January 27, 2026, addresses five distinct vulnerabilities affecting Windows, Linux, and virtualization platforms, with CVSS scores reaching 7.8. Use-After-Free and […]
The post NVIDIA GPU Driver Vulnerability Opens Door to Elevated Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Wireshark Foundation released Wireshark version 4.6.3 on January 14, 2026, addressing four critical security vulnerabilities and multiple stability issues affecting the popular network protocol analysis tool. The maintenance update targets crashes and infinite loop conditions that could impact analysis workflows and system stability. Security Vulnerabilities Resolved The release patches four distinct security flaws identified […]
The post New Wireshark 4.6.3 Release Patches Dissector, Parser Stability Issues appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. “SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as CVE-2026-1281 and CVE-2026-1340, both stem from code injection issues and carry a maximum CVSS severity score of 9.8, indicating critical risk to affected deployments. Vulnerability Overview Both vulnerabilities enable attackers […]
The post Ivanti Endpoint Manager Vulnerability Allows Remote Code Execution, appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A stealthy data theft technique in Microsoft 365 that abuses Outlook add-ins to exfiltrate email content without leaving meaningful forensic traces. The technique, dubbed “Exfil Out&Look,” takes advantage of how Outlook Web Access (OWA) handles add-ins and audit logging, creating a blind spot that traditional Microsoft 365 monitoring cannot see. Outlook add-ins are small web-based […]
The post Attackers Weaponize Microsoft 365 Outlook Add-ins to Quietly Exfiltrate Email Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below – CVE-2026-1281 (CVSS score:
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
