Threat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since early 2025, identifying over 50 impersonated applications, including…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Search Engines Are Indexing ChatGPT Chats — Here’s What Our OSINT Found
A significant privacy breach has emerged in the artificial intelligence landscape, as ChatGPT shared conversations are being indexed by major search engines, effectively transforming private exchanges into publicly discoverable content accessible to millions of users worldwide. This discovery has exposed…
LLMs Boost Offensive R&D by Identifying and Exploiting Trapped COM Objects
Outflank is pioneering the integration of large language models (LLMs) to expedite research and development workflows while maintaining rigorous quality standards. This approach allows teams to focus on refining and testing techniques for their Outflank Security Tooling (OST) suite, which…
APT36 Hackers Target Indian Railways, Oil, and Government Systems Using Malicious PDF Files
The Pakistan-linked threat group APT36, also known as Transparent Tribe, has broadened its cyber operations beyond traditional military targets to encompass Indian railways, oil and gas infrastructure, and the Ministry of External Affairs. Security researchers have uncovered two sophisticated desktop-based…
Threat Actors Exploit Proofpoint and Intermedia Link Wrapping to Conceal Phishing Payloads
Cybercriminals are increasingly exploiting link wrapping features from vendors like Proofpoint and Intermedia to mask malicious payloads, leveraging the inherent trust users place in these security tools. Link wrapping, intended as a protective measure, reroutes URLs through vendor scanning services…
Microsoft to Block External Workbook Links to Unsafe File Types by Default
Microsoft announced a significant security enhancement for Excel users, revealing plans to block external workbook links to unsafe file types by default starting in October 2025. This major change aims to strengthen workbook security by preventing potential security vulnerabilities that…
WhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025
Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025. The…
Hackers Abuse EDR Free Trials to Bypass Endpoint Protection
Cybersecurity researchers have uncovered a concerning new attack vector where threat actors are exploiting free trials of endpoint detection and response (EDR) software to disable existing security protections on targeted systems. This technique, dubbed “BYOEDR” (Bring Your Own EDR), represents…
Microsoft Upgrades .NET Bounty Program, Offers Rewards Up to $40,000
Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial incentives for security researchers. The updated program now offers maximum rewards of USD 40,000 for critical vulnerabilities affecting .NET and…
Over 17,000 SharePoint Servers Found Exposed Online — 840 Vulnerable to Active 0-Day Attacks
A significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and…