Qilin ransomware–an increasingly prolific ransomware-as-a-service (RaaS) operation–has intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built…
Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users
The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the personal information of 6.6 million people. The fine was split between Capita plc, which received £8…
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers. This critical flaw, tracked as CVE-2025-10230, carries a maximum CVSSv3.1 score of 10.0, reflecting its ease of exploitation and…
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects…
CISA Alerts on Adobe Experience Manager Flaw Exploited for Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager Forms vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The security issue, tracked as CVE-2025-54253, affects…
Windows BitLocker Flaws Allow Attackers to Bypass Encryption Protection
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logic and configuration weaknesses that may let a local, low-privileged…
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to visually impersonate the bank and deceive customers. This discovery prompted a broader review of phishing activity…
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz…
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting…
NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction
Elastic Security Labs has officially released nightMARE version 0.16, a comprehensive Python library designed to streamline malware analysis and reverse engineering workflows. The open-source tool consolidates multiple analysis capabilities into a single framework, enabling security researchers to extract configuration data…
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
Cybersecurity researchers at Trend Micro have discovered an active attack campaign dubbed “Operation Zero Disco” that exploits a critical vulnerability in Cisco’s Simple Network Management Protocol (SNMP) implementation. The vulnerability, tracked as CVE-2025-20352, allows threat actors to execute remote code…
Microsoft’s October 2025 Patches Disrupt Active Directory Sync on Server 2025 Systems
Microsoft has confirmed a critical issue affecting Windows Server 2025 systems following the installation of October 2025 security updates. The problem disrupts Active Directory directory synchronization, specifically impacting organizations managing large security groups with more than 10,000 members. Directory Sync…
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed “Maverick.” The threat has already blocked over 62,000 infection attempts in Brazil during the first 10 days of October alone,…
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates
Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which…
Hackers Breach F5 and Stole BIG-IP Source Code and Undisclosed Vulnerability Data
F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information. The incident, which began in August 2025, targeted F5’s product development and engineering knowledge platforms, prompting an immediate response…
BlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN Credential
A major manufacturing company fell victim to a swift and devastating ransomware attack after threat actors gained access using just one set of stolen VPN credentials. The attack, carried out by the cybercrime group Ignoble Scorpius, culminated in widespread encryption…
Windows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation Attacks
A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to gain full system control…
CISA Alerts on Rapid7 Velociraptor Flaw Exploited in Ransomware Campaigns
The Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in Rapid7 Velociraptor to its Known Exploited Vulnerabilities catalogue, warning that threat actors are actively exploiting the flaw in ransomware attacks. The vulnerability, tracked as CVE-2025-6264, was added to…
Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared memory and objects…