Aggregator

A major security vulnerability in the Android spyware operation Catwatchful has exposed the complete database of over 62,000 customer accounts, including plaintext passwords and email addresses, according to a security researcher who discovered the breach in June 2025. Canadian cybersecurity researcher Eric Daigle uncovered the vulnerability through a SQL injection attack that allowed him to […]

The post Android Spyware Catwatchful Exposes Credentials of Over 62,000+ Customer Accounts appeared first on Cyber Security News.

Dylan, 13, has accomplished a remarkable achievement by becoming the youngest security researcher to work with the Microsoft Security Response Center (MSRC), leaving his mark on the history of cybersecurity. His journey from tinkering with Scratch, a visual programming language for creating games, to identifying critical vulnerabilities in Microsoft products showcases a rare blend of […]

The post 13-Year-Old Dylan Joins Forces with Microsoft Security Response Center as the Youngest Security Researcher appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new malware loader dubbed “BUBBAS GATE” has surfaced on underground forums and Telegram channels, drawing attention for its bold claims of advanced evasion capabilities, including bypassing Microsoft’s SmartScreen and modern AV/EDR solutions. The loader was first advertised on June 22, 2025, with the threat actor touting a suite of features designed to evade detection and maximize […]

The post New ‘BUBBAS GATE’ Malware Advertised on Telegram Boasts SmartScreen and AV/EDR Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such as phishing URLs and fake download pages. Surfacing incorrect, potentially malicious URLs SEO poisoning and malvertising has made searching for login pages and software via Google or other search engines a minefield: if you don’t … More →

The post You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code appeared first on Help Net Security.

The sudden emergence of the “TeamsPhantom” malware in early June rattled school districts and multinational corporations alike. Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh tokens and session cookies. Within forty-eight hours, telemetry showed probing activity on more than 24,000 […]

The post 13-Year-Old Dylan – Youngest Security Researcher Collaborates with Microsoft Security Response Center appeared first on Cyber Security News.

Microsoft has officially confirmed that its recent Windows 11 update, KB5060829, is causing unexpected error entries in the Windows Firewall With Advanced Security logs. The company has assured users and IT administrators that these errors, while potentially alarming, do not indicate any malfunction or security risk and can be safely ignored. Following the installation of […]

The post Microsoft Acknowledges Error Entry in Windows Firewall With Advanced Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Let’s Encrypt, a leading certificate authority (CA) known for providing free SSL/TLS certificates since 2015, has issued its first-ever certificate for an IP address. This development, announced earlier in January, marks a significant step in expanding secure communication options for Internet infrastructure. The organization is now rolling out this feature gradually to its subscribers, with […]

The post Let’s Encrypt Expands to Issue SSL/TLS Certificates for IP Addresses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The popular artificial intelligence tools, including GPT models and Perplexity AI, are inadvertently directing users to phishing websites instead of legitimate login pages.  The study found that when users ask these AI systems for official website URLs, over one-third of the responses point to domains not controlled by the intended brands, creating unprecedented security vulnerabilities […]

The post AI Tools Like GPT Direct Users to Phishing Sites Instead of Legitimate Ones appeared first on Cyber Security News.

Microsoft has released a critical security update for its Edge browser, addressing a high-severity vulnerability in the Chromium engine that is currently being exploited in the wild. The update, available in Microsoft Edge Stable Channel Version 138.0.3351.65, patches CVE-2025-6554—a flaw that security experts urge all users to remediate without delay. CVE-2025-6554 is a type confusion […]

The post Microsoft Edge Fixes Actively Exploited Chromium Flaw — Update Immediately appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Let’s Encrypt, the world’s largest certificate authority, has achieved a significant milestone by issuing its first SSL/TLS certificate for an IP address on July 1, 2025. This development marks a substantial shift in the certificate ecosystem, as IP address certificates have historically been available from only a handful of certificate authorities on a limited scale. […]

The post Let’s Encrypt Started to Issue SSL/TLS Certificate for IP Address appeared first on Cyber Security News.

You must login to view this content

Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems.  The vulnerabilities, designated CVE-2025-53109 and CVE-2025-53110, affect all versions prior to 0.6.3 and represent a significant security risk as MCP adoption accelerates across enterprise environments where AI applications often run with […]

The post Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code appeared first on Cyber Security News.

The ongoing Russia-Ukraine conflict, which intensified in 2022, continues to reshape the cybercrime landscape in 2025, with hacktivism emerging as a potent weapon in geopolitical disputes. Since the war’s outbreak, pro-Russian and pro-Ukrainian hacktivist groups have waged a parallel battle in cyberspace, employing distributed denial-of-service (DDoS) attacks, website defacements, and data breaches to influence the […]

The post Pro-Russian Hackers Forge New Alliances for High-Profile Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.