A malicious Android application, Finance Simplified (package: com.someca.count), has been identified on the Google Play Store, targeting Indian users under the guise of a financial management tool. The app, which claims to offer an EMI calculator, is instead a sophisticated…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Smart Bed Security Flaw Lets Hackers Access Other Network Devices
A security researcher has uncovered critical vulnerabilities in Eight Sleep’s internet-connected smart beds, revealing exposed Amazon Web Services (AWS) credentials, remote SSH backdoors, and potential access to users’ entire home networks. The findings underscore growing concerns about IoT device security…
Apple Removes Advanced Data Protection (ADP) for UK Users
Apple has discontinued its Advanced Data Protection (ADP) feature for UK users following a legal demand from the British government to access encrypted user data. The move marks a pivotal moment in the ongoing global debate over privacy rights and…
Wireshark 4.4.4 Released – Explore the Latest Features!
The Wireshark Foundation has announced the release of Wireshark 4.4.4, the latest iteration of the world’s most widely used network protocol analyzer. This update focuses on enhancing stability, refining protocol dissectors, and addressing critical security vulnerabilities, cementing Wireshark’s position as…
Stablecoin Bank Hit by Cyberattack, Loses $49.5M to Hackers
The cryptocurrency sector faced one of its most significant security breaches this year as stablecoin banking platform @0xinfini fell victim to a sophisticated cyberattack. Hackers drained 49.5 million USD Coin ($USDC) from the platform’s reserves, triggering immediate market turbulence and…
LockBit Ransomware Strikes: Exploiting a Confluence Vulnerability
In a swift and highly coordinated attack, LockBit ransomware operators exploited a critical remote code execution vulnerability (CVE-2023-22527) in Atlassian Confluence servers, targeting an exposed Windows server. This vulnerability, rated CVSS 10.0, enabled unauthenticated attackers to execute arbitrary commands by…
GhostSocks Malware Uses SOCKS5 Proxy to Evade Detection Systems
GhostSocks, a Golang-based SOCKS5 backconnect proxy malware, has emerged as a significant threat within the cybercrime ecosystem. First identified in October 2023 on Russian-language forums, its distribution expanded to English-speaking criminal platforms by mid-2024. This malware operates as part of…
Fake ChatGPT Premium Phishing Scam Spreads to Steal User Credentials
A sophisticated phishing campaign impersonating OpenAI’s ChatGPT Premium subscription service has surged globally, targeting users with fraudulent payment requests to steal credentials. Cybersecurity firm Symantec recently identified emails spoofing ChatGPT’s branding, urging recipients to renew a fictional $24 monthly subscription.…
Parallels Desktop 0-Day Exploit Enables Root Privileges – PoC Released
A critical zero-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed after seven months of unresolved reporting, enabling attackers to escalate privileges to the root level on macOS systems. The proof-of-concept (PoC) exploit code demonstrates two distinct bypass…
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL
A newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community, revealing a critical SQL injection flaw that enables attackers to compromise email systems and manipulate underlying databases. The vulnerability, confirmed in Exim…
Biggest Crypto Hack in History – Hackers Stolen $1.46 Billion Worth Crypto From Bybit
In what has become the largest cryptocurrency theft in history, hackers infiltrated Bybit’s Ethereum cold wallet on February 21, 2025, siphoning approximately 401,346 ETH valued at $1.46 billion. The breach, attributed to North Korea’s Lazarus Group, exploited vulnerabilities in Bybit’s…
PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability
Security researchers have disclosed critical details about CVE-2025-20029, a command injection vulnerability in F5’s BIG-IP Traffic Management Shell (TMSH) command-line interface. The flaw enables authenticated attackers with low privileges to bypass security restrictions, execute arbitrary commands, and gain root-level access to vulnerable systems.…
Google Introduces Quantum-Safe Digital Signatures in Cloud KMS
Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview. This move aligns with the National Institute of Standards and Technology’s (NIST) 2024 post-quantum cryptography (PQC) standards, offering developers tools…
New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency
A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the fintech and cryptocurrency sectors. Any.run researchers discovered zhong malware during a phishing campaign between December 20 and 24, 2024, the malware exploits customer support platforms…
SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix
In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow vulnerability CVE-2025-0282 in Ivanti Connect Secure, as confirmed by JPCERT/CC. This vulnerability, disclosed in January 2025, had already been actively exploited since late December 2024,…
ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials
The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens, has seen a significant increase in its distribution since the beginning of 2025. Initially distributed in limited volumes in mid-2024, this malware has now gained traction,…
NSA Allegedly Hacked Northwestern Polytechnical University, China Claims
Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack on Northwestern Polytechnical University, a prominent Chinese institution specializing in aerospace and defense research. The allegations, published by organizations such as Qihoo 360 and the…
Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key
A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers to extract private keys used for signing SAML authentication requests. The flaw, tracked as CVE-2022-35202, stems from the use of a Java keystore accessible via…
Critical UniFi Protect Camera Vulnerability Enables Remote Code Execution Attacks
Ubiquiti Networks has issued an urgent security advisory (Bulletin 046) warning of multiple critical vulnerabilities in its UniFi Protect camera ecosystem, including a high-severity remote code execution (RCE) flaw that could allow attackers to hijack devices and infiltrate network infrastructure.…
Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers”
A security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses, from the network monitoring platform. This high-severity flaw (CVSSv3 score: 6.5) exposes organizations to…