Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s…

Read more →

Cybersecurity researchers have successfully deployed artificial intelligence-powered honeypots to trick cybercriminals into revealing their attack strategies, demonstrating a promising new approach to threat intelligence gathering. The innovative technique uses large language models (LLMs) to create convincing fake systems that lure…

Read more →

Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for…

Read more →

The Atomic macOS Stealer (AMOS), a notorious infostealer malware targeting Apple’s macOS ecosystem, has undergone a significant upgrade by incorporating a sophisticated backdoor mechanism that facilitates persistent access and remote command execution on infected systems. This enhancement, detailed in a…

Read more →

Palo Alto Networks’ Unit 42, the cybercrime group tracked as Muddled Libra also known as Scattered Spider or UNC3944 has demonstrated remarkable resilience and adaptation in 2025, following international law enforcement disruptions in late 2024. Despite federal charges against five…

Read more →

Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on…

Read more →

Tea, a women-only dating safety app that allows users to review and share information about men they’ve dated anonymously, has suffered a significant data breach that exposed approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted…

Read more →

Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of financial data and customer information. The allegations surfaced on underground forums where threat actors are allegedly offering access to…

Read more →

A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged…

Read more →

Unidentified hackers have successfully compromised a critical intelligence website operated by the National Reconnaissance Office, marking a significant security breach affecting the CIA and multiple government agencies. The attack targeted the Acquisition Research Center website, which serves as a crucial…

Read more →

A significant data breach has exposed sensitive information about users of Leakzone, a prominent dark web forum known for trading hacking tools and compromised accounts. Security firm UpGuard discovered an unprotected Elasticsearch database containing approximately 22 million web request records,…

Read more →

A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential extraction from 19 different web browsers, including popular ones like Google Chrome, Microsoft Edge, Opera, Brave, and Yandex, as well…

Read more →

A critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model that could allow remote attackers to gain complete administrative control over affected devices. The vulnerability, designated as CVE-2025-7742, represents a significant authentication bypass flaw that poses…

Read more →

FortiGuard Labs has identified a critical new exploit chain dubbed “ToolShell” that is actively being used by multiple threat actors to target on-premises Microsoft SharePoint servers. This sophisticated attack combines two previously patched vulnerabilities with two fresh zero-day variants to…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →

Gaming peripheral manufacturer Endgame Gear has disclosed a security incident involving malware-infected software distributed through their official website, affecting users who downloaded the OP1w 4k v2 mouse configuration tool between June 26 and July 9, 2025. The company has issued…

Read more →

Chinese laws requiring vulnerability disclosure to the government create transparency issues and potential conflicts for international cybersecurity efforts. Microsoft is probing whether a leak from its confidential early warning system enabled Chinese state-sponsored hackers to exploit significant flaws in its…

Read more →

Christina Marie Chapman, a 50-year-old Arizona woman, has been sentenced to 102 months in prison for her role in an elaborate fraud scheme that helped North Korean IT workers pose as U.S. citizens to obtain remote positions at over 300…

Read more →

Wiz Research has uncovered an active cryptomining campaign, dubbed Soco404, that exploits misconfigurations in PostgreSQL databases and other cloud services to deploy platform-specific malware on both Linux and Windows systems. This operation, part of a broader crypto-scam infrastructure, leverages opportunistic…

Read more →