soc

HackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed through a targeted cyberattack on a third-party service provider known as Navia. Employee Data Stolen According to a […]

The post HackerOne Confirms Employee Data Stolen Following Linked Navia Hack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs, but attackers care about implementations, not standards. In Google’s case, synced passkeys sit on top […]

The post Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the incident highlights the severe risks of using mutable version tags in deployment automation. The attack […]

The post Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.