Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code. Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspecting visitors to malicious sites capable…
PoC Exploit Unveiled for Windows Disk Cleanup Elevation Vulnerability
Microsoft addressed a high-severity elevation of privilege vulnerability (CVE-2025-21420) in its Windows Disk Cleanup Utility (cleanmgr.exe) during February 2025’s Patch Tuesday. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTEM privileges through DLL…
Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected
On June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service disruptions, highlighting vulnerabilities in modern cloud dependencies. The outages impacted critical services ranging from authentication systems to AI platforms, underscoring the fragility of interconnected internet ecosystems.…
WebDAV Remote Code Execution 0-Day Actively Exploited — PoC Released
A critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked as CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon since March 2025. The flaw, patched in June’s Patch Tuesday, enables…
TokenBreak Exploit Tricks AI Models Using Minimal Input Changes
HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI text classification models by exploiting tokenization strategies. This vulnerability affects models designed to detect malicious inputs like prompt injection, spam, and toxic content, leaving protected systems…
Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware
Security researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack expired or deleted invite links and redirect unsuspecting users to malicious servers. This attack chain, discovered by Check Point Research,…
Threat Actors Exploit DeepSeek-R1 Popularity to Target Windows Device Users
A new, highly sophisticated cyberattack campaign is targeting users seeking to download the popular language model DeepSeek-R1, exploiting global interest in large language models (LLMs). Kaspersky researchers have uncovered that threat actors are utilizing malvertising and phishing tactics to distribute…
OpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature Verification
A critical vulnerability in OpenPGP.js, a widely used JavaScript library for encrypted messaging and digital signatures, has been patched after researchers discovered it allowed attackers to spoof message signatures, potentially undermining the trust model of public key cryptography. The flaw,…
Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT
A newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community for its sophisticated capabilities and its reliance on Telegram, the popular messaging platform, as its command-and-control (C2) infrastructure. First detected in the wild in May 2025,…
AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials
A dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelligence teams are sounding the alarm as…
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
A critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications…
Threat Actors Using Bat Files to Deploy Quasar RAT
Remote Access Trojans (RATs) like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovative anti-sandbox technique.…
137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data security challenges…
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community Edition…
Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity
Microsoft has addressed multiple critical issues affecting Windows Server 2025 domain controllers through its June 2025 Patch Tuesday updates, resolving authentication failures and network connectivity problems that have plagued administrators since April. The fixes come as part of update KB5060842,…
Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions
Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating system. The vulnerability enables authenticated administrative users to escalate privileges and execute commands as the…
Command Injection Flaw in Palo Alto PAN-OS Allows Root-Level Code Execution
A newly disclosed command injection vulnerability (CVE-2025-4230) in Palo Alto Networks PAN-OS software enables authenticated administrators to bypass restrictions and execute arbitrary commands with root privileges. With a CVSS v4.0 score of 5.7 (Medium severity), this flaw highlights risks in…
Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code
Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, assigned CVE identifiers CVE-2025-49154 through…
Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums
Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete source code of a botnet that leverages Node.js runtime, blockchain-based…