Posts of last 24 hours
The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and native Windows utilities to deliver the SpyGlace malware. While the group retains several established tradecraft elements, including the abuse of legitimate services and the use of git.exe to execute malicious scripts, […]
The post Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A critical authentication bypass vulnerability has been disclosed in the widely used miniOrange OAuth Single Sign-On (SSO) WordPress plugin, carrying a near-maximum CVSS score of 9.8. This flaw, tracked as CVE-2026-57807, affects all plugin versions up to and including version 38.5.8. As of now, it remains unpatched, with no official fix available from the vendor. […]
The post Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.