NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology, the framework brings automation to vulnerability assessment, threat simulation, and security analysis workflows. NeuroSploit v2 represents…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New Cybercrime Tool “ErrTraffic” Enables Automated ClickFix Attacks
The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive social engineering at an unprecedented scale. Priced at just $800 and advertised on top-tier Russian cybercrime…
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully…
New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed
The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational…
New AI-Enhanced Crypter Promoted as Capable of Evading Windows Defender
Cybersecurity researchers have spotted a new high-sophistication malware loader being advertised on dark web forums, marketed as a commercial solution for evading modern endpoint protection. The tool, dubbed InternalWhisper x ImpactSolutions, is being promoted by a threat actor known as “ImpactSolutions.”…
New Spear-Phishing Attack Targeting Security Individuals in the Israel Region
Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors. The operation, linked to infrastructure associated with APT42 (also known as Charming Kitten), represents a deliberate…
Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication
IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw, tracked as CVE-2025-13915, represents a primary authentication weakness (CWE-305) that requires no user interaction or special…
ESET Flags Rising Threat of AI-Driven Malware and Ransomware
The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality, while the ransomware-as-a-service economy expanded at an unprecedented pace. According to ESET Research’s latest Threat Report,…
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and…
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce…
70,000+ MongoDB Servers Exposed After MongoBleed PoC Released
Over 74,000 MongoDB database servers remain vulnerable to a critical security flaw after proof-of-concept exploit code for the MongoBleed vulnerability became publicly available. The Shadowserver Foundation reports that 74,854 exposed MongoDB instances are running unpatched versions susceptible to CVE-2025-14847, representing…
EmEditor Website Breach Used to Spread Infostealer Malware
The popular text editor EmEditor fell victim to a sophisticated supply chain attack between December 19-22, 2025, in which attackers compromised the official website to distribute malware-laced installation packages. Emurasoft, Inc., the software’s developer, confirmed on December 23 that malicious…
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote…
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other…
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any authentication credentials. CVE ID…
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas 2025 holiday period. The campaign represents a sophisticated, multi-faceted initial access broker operation targeting Adobe ColdFusion…
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week. The desperate act failed spectacularly, with forensic experts recovering the…
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability…
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital protests or criminal schemes. The findings suggest that hacktivism has evolved into a repeatable, model-driven instrument…
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the…