Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when […]

The post Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development across multiple frameworks and toolchains. The tool is now available on GitHub for developers working outside traditional Visual Studio or MSBuild environments. The winapp CLI targets developers using cross-platform frameworks including […]

The post Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case of the technology giant sharing encryption keys with law enforcement. The disclosure occurred after federal investigators in Guam requested access to three encrypted laptops believed to contain evidence of fraud in […]

The post Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked […]

The post Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable […]

The post Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ISO 27001 is an internationally recognized standard that defines the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within an organization. First introduced in 1999, the standard has evolved through multiple revisions to address changing security needs. The most recent update, ISO 27001:2022, was released on October 25, 2022, […]

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Kratikal Blogs.

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Security Boulevard.

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities CVE-2025-59718 and CVE-2025-59719 discovered during internal code audits in December 2025, with exploitation attempts now documented in customer environments. The vulnerabilities stem from improper verification of cryptographic signatures in FortiCloud […]

The post Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance for domains that were validated by other users. The vulnerability violated the CA/Browser Forum Baseline […]

The post TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions […]

The post Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict […]

The post 20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations. […]

The post CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS Foundation, aims to reduce the growing volume of low-quality submissions that have overwhelmed the security team’s triage capacity. The […]

The post Node.js Sets New Standard for HackerOne Reports, Demands Signal of 1.0 or Higher appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practical Trading Core Secret Book”), specifically crafted to target South Korean investors seeking financial guidance. This social engineering approach exploits users’ trust […]

The post Threat Actors Exploit LNK Files to Deploy MoonPeak Malware on Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD. The competition crowned Tobias Scharnowski, […]

The post 76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf a domain spoofing official Microsoft […]

The post MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is launching a new security feature designed to protect Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling will roll out starting mid-February 2026, with general availability expected by late February. The new protection mechanism evaluates inbound calls from external parties to identify signs of brand impersonation […]

The post Microsoft Introduces Brand Impersonation Protection Warning for Teams Calls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Red Teaming has become one of the most discussed and misunderstood practices in modern cybersecurity. Many organizations invest heavily in vulnerability scanners and penetration tests, yet breaches continue to happen through paths those tools never simulate. Enterprise leaders now ask a deeper question: “Does our security testing completely reflect how attackers will break in?” This […]

The post 10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise appeared first on Kratikal Blogs.

The post 10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise appeared first on Security Boulevard.

A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat with no connection to its predecessor. However, evidence suggests potential links to threat actors previously associated with Inc ransomware […]

The post New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time. […]

The post PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously […]

The post Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.