-
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report (get it here), a
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers actively stealing cloud credentials and CI/CD secrets from infected systems. The malicious packages imitate legitimate libraries by using lookalike names such as opensearch-setup and elastic-opensearch-helper, while falsely linking to the official OpenSearch GitHub repository in […]
The post Typosquatted npm Packages Steal Cloud and CI/CD Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Email still reaches more people than any other digital channel. Getting it to actually land in the inbox…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw, and several authorization bugs across GraphQL, Duo Workflows, Operations, Pipelines, and authentication endpoints. The company says self-managed installations should upgrade immediately. At the same time, […]
The post GitLab Patches Multiple Duo AI, DoS, and Authorisation Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophisticated phishing kit named “RatPressto,” which abuses compromised WordPress sites and legitimate software to evade detection while targeting financial organizations. The attack begins with phishing emails that appear to be standard corporate […]
The post Fake Adobe Document Cloud Pages Spread ScreenConnect Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, highlighting its severe impact on confidentiality, integrity, and availability. The issue affects Samba print servers configured with the “print command” and […]
The post Samba Security Flaw Lets Attackers Execute Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The research, carried out by Token Security, is notable because it did not rely on any unknown zero‑days or exotic primitives. […]
The post Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on affected systems. The issue, tracked as CVE-2026-9560, impacts the privileged helper component in OpenVPN Connect and has been fixed in version 3.8.2 (build 6009), released on May 25, 2026. OpenVPN Connect macOS […]
The post OpenVPN Connect macOS Vulnerability Allows Remote Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Anthropic has announced the release of Claude Opus 4.8, a major upgrade to its flagship AI model that introduces advanced engineering-level coding capabilities and improved autonomous task execution. The latest version builds on Opus 4.7, focusing on enhanced reasoning, longer independent operation, and more transparent decision-making. These improvements are expected to affect both software development […]
The post Claude Opus 4.8 Released With Advanced Engineering-Level Coding Capabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
