Skip to content

1010.cx

  • 11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware

    ·

    cyber security, Cyber Security News, Malware

    11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” that deploy a Windows payload called pepesoft.exe. The packages were published as .NET command-line tools, enabling users to install them through the dotnet tool install workflow and execute bundled commands such as throne-run. The affected packages target communities around Albion Online, GTA5RP, […]

    The post 11 Malicious NuGet Game Cheat Packages Deploy Pepesoft Windows Surveillance Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

    ·

    Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected

    ·

    cyber security, Cyber Security News

    A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a lure to deploy a custom remote access Trojan, SheetAgent RAT. The campaign begins with a ZIP archive named Approved Documents 2026.pdf.zip, which masquerades as a document-verification package. Its contents include a […]

    The post SheetAgent RAT Runs 14 Virtual Machine Checks and Self-Deletes When Analysis Is Detected appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover.

    ·

    cyber security, Cyber Security News, iOS

    Apple-focused scam operations are increasingly using FaceTime as a high-trust social-engineering channel to steal credentials and, in higher-risk cases, prepare victims for device compromise. Apple said threat actors may approach targets via phone calls, FaceTime, SMS, email, and other communications, posing as a legitimate organization. The company stressed that users should never disclose passwords, verification […]

    The post FaceTime Scammers Combine Credential Theft, Remote-Access Apps, and iOS Exploits for Device Takeover. appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network

    ·

    CVE/vulnerability, cyber security, Cyber Security News, Microsoft, Vulnerabilities, vulnerability

    Microsoft has addressed multiple information-disclosure vulnerabilities in the Windows Remote Desktop Protocol (RDP). This widely used service enables remote administration and access to Windows systems. The five flaws could permit attackers to retrieve information from vulnerable hosts, potentially exposing data held in application memory during an RDP session. Microsoft Fixes Multiple Windows RDP Flaws All […]

    The post Microsoft Fixes Multiple Windows RDP Flaws Exposing Sensitive Data Over the Network appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Critical SonicWall SMA 1000 SSRF and Remote Code Execution Flaws Actively Exploited in the Wild

    ·

    CVE/vulnerability, cyber security, Cyber Security News, vulnerability

    SonicWall has issued a security advisory regarding two vulnerabilities affecting the SMA1000 Series appliances. Among these, a critical server-side request forgery (SSRF) flaw has been identified, which carries a maximum CVSS score of 10.0. The company has confirmed that threat actors are actively exploiting these vulnerabilities, increasing the urgency for enterprises that rely on these […]

    The post Critical SonicWall SMA 1000 SSRF and Remote Code Execution Flaws Actively Exploited in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access

    ·

    cyber security, Cyber Security News

    AI-enabled phishing-as-a-service operations are driving a sharp increase in identity attacks in 202620262026, with threat actors increasingly abusing OAuth device authorization flows and Microsoft Entra ID device enrollment to obtain durable access to SaaS environments. Jalisco is a device code phishing toolkit that generates OAuth device codes in real time and captures the tokens issued […]

    The post Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Google Chrome 150 Update Fixes 15 Security Vulnerabilities, Including 2 Critical Use-After-Free Flaws

    ·

    Chrome, CVE/vulnerability, cyber security, Cyber Security News, Google, Vulnerabilities

    Google Chrome version 150 addresses vulnerabilities in several core browser components, including Ozone, Skia, V8, GPU, Media, UI, Navigation, libyuv, and Linux Toolkit Theming. Among the updates, two critical vulnerabilities, designated as CVE-2026-15764 and CVE-2026-15765, involve use-after-free issues in Ozone, which serves as Chrome’s platform abstraction layer for supporting graphics and window-system integrations across various […]

    The post Google Chrome 150 Update Fixes 15 Security Vulnerabilities, Including 2 Critical Use-After-Free Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Critical Claude for Chrome Flaw Lets Malicious Extensions Read Gmail, Google Docs, and Calendar

    ·

    CVE/vulnerability, cyber security, Cyber Security News

    Two vulnerabilities in Anthropic’s Claude for Chrome extension could allow a malicious browser extension to trigger AI-driven actions affecting a victim’s Gmail, Google Docs, and Google Calendar data. These issues are still reproducible in Claude for Chrome version 1.0.801.0, released on July 7, 2026, even after being reported to Anthropic in May. The primary issue […]

    The post Critical Claude for Chrome Flaw Lets Malicious Extensions Read Gmail, Google Docs, and Calendar appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • China-Linked Hackers Weaponize Claude Code and DeepSeek in Government Intrusion Campaign

    ·

    cyber security, Cyber Security News, DeepSeek

    A suspected China-linked threat actor has integrated Anthropic’s Claude Code and DeepSeek-v4-pro into an active intrusion campaign targeting government entities, Taiwanese industry, and financial-services organizations. TencShell was first documented by Cato CTRL in May and assessed as linked to suspected China-based activity. A shared HTTP header fingerprint on port 111111111111 led researchers to 131313 Hong […]

    The post China-Linked Hackers Weaponize Claude Code and DeepSeek in Government Intrusion Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

Previous Page
1 2 3 4 5 … 950
Next Page

1010.cx

cybersecurity / defense / intelligence