Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A new wave of cyberattacks is targeting YouTube creators, leveraging fake brand collaboration offers to distribute malware. Cybersecurity firm CloudSEK has uncovered a sophisticated phishing campaign that employs the “Clickflix” technique to deceive content creators and compromise their systems. The…

Read more →

Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines.…

Read more →

Both CrushFTP, a popular file transfer technology, and Next.js, a widely used React framework for building web applications, have come under scrutiny due to significant vulnerabilities. Rapid7 has highlighted these issues, emphasizing their potential impact on data security and unauthorized…

Read more →

Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images, Log Delivery, Stream, and Vectorize. The incident, which lasted 1 hour and 7 minutes, was traced back to a faulty…

Read more →

Users of the Veeam Backup Server have encountered a significant issue following the Windows 11 24H2 update. Specifically, the update has disrupted the connection between Veeam Recovery Media and the Veeam Backup Server. This problem affects users who have created…

Read more →

Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the…

Read more →

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and…

Read more →

A recent snag in Google’s Chrome distribution process has left Windows users unable to install the browser on their Intel and AMD systems. The issue, first reported by Windows Latest on March 25, arises when users attempt to run the ChromeSetup.exe file,…

Read more →

In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command and control (C2) domains associated with the Raspberry Robin malware. This discovery sheds new light on the infrastructure used by this sophisticated threat actor group, which…

Read more →

A critical vulnerability has been identified in NetApp’s SnapCenter Server, affecting versions before 6.0.1P1 and 6.1P1. This flaw allows an authenticated SnapCenter Server user to potentially escalate their privileges to admin on remote systems where SnapCenter plug-ins are installed. The…

Read more →

Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as “Black Banshee.” The group, active since at least 2012, has been observed employing advanced tactics and malicious scripts in their latest…

Read more →

A recent investigation has revealed that several Clevo-based devices are vulnerable due to a leak of Boot Guard private keys. This vulnerability was first reported on the Win-Raid forum and involves firmware updates containing sensitive Boot Guard Key Manifest (KM)…

Read more →

The cybersecurity world has been abuzz with reports of widespread reboots affecting DrayTek routers across the globe. While the exact cause of these reboots remains largely unconfirmed, GreyNoise has brought to light significant in-the-wild exploitation of several known vulnerabilities in…

Read more →

A recent analysis by Rhino Security Labs has uncovered a series of critical vulnerabilities in the Appsmith developer tool, a platform used for building internal applications such as dashboards and customer support tools. The most severe of these vulnerabilities is…

Read more →

Google has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783. This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections.  The update, version 134.0.6998.177 for…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment. These advisories underscore the imperative for prompt action to mitigate these threats,…

Read more →

A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into…

Read more →

The cybersecurity landscape in 2024 witnessed a significant escalation in AI-related threats, with malicious actors increasingly targeting and exploiting large language models (LLMs). According to KELA’s annual “State of Cybercrime” report, discussions about exploiting popular LLMs such as ChatGPT, Copilot,…

Read more →

In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures and deliver malware, according to Ontinue’s latest Threat Intelligence Report. Threat actors are exploiting built-in Microsoft features like Quick Assist…

Read more →

A sophisticated phishing campaign, recently identified by LayerX Labs, has shifted its focus from Windows users to Mac users in response to enhanced security measures implemented by major browsers. Initially, this campaign targeted Windows users by masquerading as Microsoft security…

Read more →