Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

OpenAI has announced major updates to its cybersecurity initiatives. The company is expanding its Security Bug Bounty Program, increasing the maximum reward for critical vulnerability reports to $100,000, up from $20,000 previously. This enhanced program aims to attract top security…

Read more →

A significant security threat has been uncovered in Exim, a popular open-source mail transfer agent (MTA) widely used in Linux distributions. Identified as CVE-2025-30232, this vulnerability allows for a potentially severe form of exploitation known as a use-after-free (UAF). This…

Read more →

Law enforcement agencies have successfully dismantled a clandestine communication platform known as “Ghost,” which was used by cybercriminals to coordinate illicit activities. This significant crackdown resulted in the arrest of 12 key suspects, marking a major victory in the fight…

Read more →

A severe vulnerability in Splunk Enterprise and Splunk Cloud Platform has been identified, allowing for Remote Code Execution (RCE) via file uploads. This exploit can be triggered by a low-privileged user, highlighting significant security risks for affected organizations. Vulnerability Overview:…

Read more →

A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating…

Read more →

In a significant escalation of illicit activities, B1ack’s Stash, a notorious dark web carding marketplace, has announced plans to release an additional 4 million stolen credit card records for free. This move is part of a broader strategy to attract…

Read more →

Security researchers Dylan Tran and Jimmy Bayne have unveiled a new fileless lateral movement technique that exploits trapped Component Object Model (COM) objects in Windows systems. This method, based on research by James Forshaw of Google Project Zero, allows attackers…

Read more →

In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate and scale credential stuffing attacks across more than 140 platforms. This multi-checker tool, designed to exploit stolen user credentials, has…

Read more →

A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli…

Read more →

Nozomi Networks Labs has uncovered four severe vulnerabilities in the Inaba Denki Sangyo Co., Ltd. IB-MCT001, a camera widely used in Japanese production plants for recording production stoppages. These security flaws, which remain unpatched, pose significant risks to industrial environments,…

Read more →

A new wave of cyberattacks is targeting YouTube creators, leveraging fake brand collaboration offers to distribute malware. Cybersecurity firm CloudSEK has uncovered a sophisticated phishing campaign that employs the “Clickflix” technique to deceive content creators and compromise their systems. The…

Read more →

Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines.…

Read more →

Both CrushFTP, a popular file transfer technology, and Next.js, a widely used React framework for building web applications, have come under scrutiny due to significant vulnerabilities. Rapid7 has highlighted these issues, emphasizing their potential impact on data security and unauthorized…

Read more →

Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images, Log Delivery, Stream, and Vectorize. The incident, which lasted 1 hour and 7 minutes, was traced back to a faulty…

Read more →

Users of the Veeam Backup Server have encountered a significant issue following the Windows 11 24H2 update. Specifically, the update has disrupted the connection between Veeam Recovery Media and the Veeam Backup Server. This problem affects users who have created…

Read more →

Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the…

Read more →

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and…

Read more →

A recent snag in Google’s Chrome distribution process has left Windows users unable to install the browser on their Intel and AMD systems. The issue, first reported by Windows Latest on March 25, arises when users attempt to run the ChromeSetup.exe file,…

Read more →

In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command and control (C2) domains associated with the Raspberry Robin malware. This discovery sheds new light on the infrastructure used by this sophisticated threat actor group, which…

Read more →

A critical vulnerability has been identified in NetApp’s SnapCenter Server, affecting versions before 6.0.1P1 and 6.1P1. This flaw allows an authenticated SnapCenter Server user to potentially escalate their privileges to admin on remote systems where SnapCenter plug-ins are installed. The…

Read more →