Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in cybercrime intensity. FortiGuard Labs’ latest research spotlights a dramatic surge in the volume and sophistication of attacks targeting retailers, e-commerce…

Read more →

Black Friday is supposed to be chaotic, sure, but not this chaotic. Amid genuine doorbusters and flash sales, a large-scale, highly polished scam campaign is hijacking web traffic and pushing shoppers to fake “survey reward” pages impersonating dozens of major…

Read more →

A new open-source tool called KawaiiGPT has surfaced on GitHub, positioning itself as a “cute” but unrestricted version of artificial intelligence. Developed by a user known as MrSanZz (along with contributors Shoukaku07 and FlamabyX5), the project is attracting attention for offering a…

Read more →

The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24. The attack has forced officials to shut down systems as a…

Read more →

Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop unauthorized or injected code from executing on the login page.…

Read more →

ReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective “Scattered Lapsus$ Hunters,” this time targeting users and organizations that leverage the widely adopted customer support platform Zendesk. The investigation revealed more than 40 typosquatted…

Read more →

GitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming “dead man’s switch,” a self-destruct trigger that threatens to erase user data if the attack…

Read more →

A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monitoring dark web activity discovered the publication,…

Read more →

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE…

Read more →

OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email…

Read more →

Security researchers at Socket have uncovered a deceptive Chrome extension called Crypto Copilot that masquerades as a legitimate Solana trading tool while secretly siphoning SOL from users’ swap transactions. The malicious extension, published on June 18, 2024, extracts undisclosed fees…

Read more →

The telecommunications & media sector stands at the epicenter of a relentless cyber onslaught, as evidenced by CYFIRMA’s latest quarterly industry report. Leveraging telemetry-driven intelligence and deep-dive threat research. The report unveils alarming trends in advanced attack campaigns, surging underground…

Read more →

In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the…

Read more →

A cybercriminal operating under the alias ByteToBreach has emerged as a prominent figure in the underground data trade, orchestrating a series of high-profile breaches targeting critical sectors worldwide. Active since at least June 2025, ByteToBreach has leveraged a blend of…

Read more →

Security researchers at watchTowr Labs uncovered a massive leak of sensitive credentials after scanning popular online JSON formatting tools. Developers and administrators have been pasting passwords, API keys, database credentials, and personally identifiable information (PII) into sites like jsonformatter.org and…

Read more →

The Tor Project has begun replacing its legacy relay encryption system, known as tor1, with a modern design called Counter Galois Onion (CGO). This upgrade targets key weaknesses in Tor’s circuit traffic protection, enhancing anonymity for users worldwide.​ Tor routes…

Read more →

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview…

Read more →

The global gaming community is reeling after Bitdefender Labs revealed widespread malware operations exploiting the blockbuster launch of Electronic Arts’ Battlefield 6, a first-person shooter developed by DICE and released in October. As one of the year’s most anticipated titles,…

Read more →

Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the “#” symbol. This technique turns trusted websites into weapons against AI browser assistants like Perplexity’s Comet,…

Read more →

Water Gamayun, a Russia‑aligned advanced persistent threat (APT) group, has launched a new multi‑stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily…

Read more →