A severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information
Iranian cyber unit Charming Kitten, officially designated APT35, has long been dismissed as a noisy but relatively unsophisticated threat actor a politically motivated collective known for recycled phishing templates and credential-harvesting pages. Episode 4, the latest intelligence dump, fundamentally rewrites…
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers…
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Security researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active…
RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption
RansomHouse, a ransomware-as-a-service (RaaS) operation managed by the threat group Jolly Scorpius, has significantly enhanced its encryption capabilities, marking a critical escalation in the threat landscape. Recent analysis of RansomHouse binaries reveals a sophisticated upgrade from basic linear encryption to…
Phantom Stealer Targeting Users to Steal Sensitive Data
Sophisticated malware employs a multi-stage infection chain and advanced evasion techniques to exfiltrate sensitive information. Phantom, a sophisticated stealer malware variant, is conducting targeted attacks to harvest sensitive data from infected systems, including passwords, browser cookies, credit card information, and…
Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code
A critical remote code execution vulnerability has been discovered in Apache Commons Text, affecting all versions prior to 1.10.0. The flaw, tracked as CVE-2025-46295, poses a significant security risk to organizations relying on the widely-used Java library for text manipulation…
Chinese Ink Dragon Breaches European Government Networks, Affecting Asia and South America
Ink Dragon, a Chinese espionage group, has significantly expanded its operational reach from Southeast Asia and South America into European government networks, according to ongoing research by Check Point Research. The threat actor employs a methodical approach that combines strategic…
Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges
SonicWall has issued an urgent security advisory warning of active exploitation of a local privilege escalation vulnerability affecting its SMA1000 appliances. The flaw, tracked as CVE-2025-40602, enables attackers with management console access to gain elevated privileges and potentially achieve complete…
New Reports Reveal WAFs Are Ineffective Against Latest React2Shell Exploit
TEL AVIV, Israel, Dec. 17, 2025 Miggo Security has released a comprehensive benchmark study revealing critical gaps in Web Application Firewall (WAF) protection, with the discovery of React2Shell (CVE-2025-55182) serving as a stark real-world validation of these vulnerabilities. The research, titled…
Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide
A newly discovered Android botnet dubbed “Kimwolf” has silently compromised over 1.8 million devices globally, primarily targeting Android TV boxes in residential networks. The massive operation, which at one point saw its command-and-control (C2) domain surpass Google in global popularity…
Cybercriminals Registering Fake Shopping Domains to Target Users This Holiday Season
As the global holiday shopping season reaches its peak, cybersecurity researchers have uncovered a massive, industrialized operation designed to defraud consumers through a sophisticated network of counterfeit e-commerce sites. In a report released in November 2025, PreCrime™ Labs, the research…
Hackers Actively Target Cisco and Palo Alto VPN Gateways to Steal Login Credentials
Cybersecurity researchers at GreyNoise have identified a large-scale, coordinated campaign targeting enterprise VPN authentication systems. The attackers are systematically attempting to breach Cisco SSL VPN and Palo Alto Networks GlobalProtect services through credential-based attacks rather than exploiting specific vulnerabilities. The…
Microsoft 365 Outage Disrupts Teams, Outlook, and Copilot in Japan and China
Thousands of users across Japan and China experienced significant disruptions to Microsoft 365 services on Thursday morning due to a critical routing issue affecting the company’s infrastructure. The outage affected essential workplace tools, including Teams, Outlook, OneDrive, and Copilot, resulting…
Critical Node.js Library Flaw Lets Hackers Execute Remote Commands on Windows
A severe command injection vulnerability has been discovered in systeminformation, a widely-used Node.js library for retrieving system information. The flaw, tracked as CVE-2025-68154, allows attackers to execute arbitrary commands on Windows systems when applications pass user input to the vulnerable…
Chinese Hackers Turn Compromised Servers Into ShadowPad Nodes
A sophisticated Chinese threat actor tracked as Ink Dragon has been weaponizing a custom ShadowPad IIS Listener module to convert compromised servers into distributed relay nodes, according to research by Check Point Research. The tactic represents a significant escalation in…
Hackers Can Seize Control of Car Dashboards Through Modem Vulnerabilities
Imagine cruising down the highway in your brand-new electric car when suddenly the multimedia display fills with Doom, the iconic 3D shooter game completely replacing your navigation map and vehicle controls. Shockingly, this isn’t science fiction. Security researchers have demonstrated…
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been discovered in the Windows Desktop Window Manager (DWM) that could allow attackers to escalate privileges to system level. The flaw, tracked as CVE-2025-55681, resides in the dwmcore.dll component and was disclosed during the TyphoonPWN Windows security competition, where…
ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks
The ForumTroll APT group has resurfaced with a sophisticated phishing campaign targeting Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus. While the group initially gained notoriety for exploiting CVE-2025-2783, a zero-day vulnerability…
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps
Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat…