Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
706,000+ BIND 9 DNS Resolvers Exposed to Cache Poisoning – PoC Released
A critical vulnerability affecting more than 706,000 BIND 9 DNS resolvers worldwide has been disclosed with proof-of-concept exploit code now publicly available. The security flaw enables attackers to perform cache poisoning attacks by injecting malicious DNS records into vulnerable resolver…
WhatsApp 0-Click Exploit Disclosed to Meta at Pwn2Own Security Event
Cybersecurity researchers from Team Z3 have withdrawn their planned demonstration of a zero-click remote code execution vulnerability in WhatsApp at the Pwn2Own Ireland 2025 hacking competition, opting instead for private coordinated disclosure to Meta. The high-stakes exploit, which stood to…
Top 10 Best Cloud Workload Protection Platforms (CWPP) in 2025
The cloud landscape in 2025 continues its unprecedented growth, with organizations of all sizes rapidly migrating critical workloads to public, private, and hybrid cloud environments. While cloud providers meticulously secure their underlying infrastructure, the onus of protecting everything within that…
Hackers Use ClickFix Technique to Deploy NetSupport RAT Loaders
Cybercriminals are increasingly using a technique known as “ClickFix” to deploy the NetSupport remote administration tool (RAT) for malicious purposes. According to a new report from eSentire’s Threat Response Unit (TRU), threat actors have shifted their primary delivery strategy from…
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install malicious software and potentially seize control of websites. The flaws, first disclosed in late 2024, affect…
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on…
Top 10 Best Cloud Access Security Brokers (CASB) in 2025
The year 2025 marks a new era in enterprise cloud adoption, characterized by a complex tapestry of Software-as-a-Service (SaaS) applications, Infrastructure-as-a-Service (IaaS) platforms, and Platform-as-a-Service (PaaS) offerings. While cloud services deliver unparalleled agility and scalability, they also introduce significant security…
Top 10 Best Cloud Penetration Testing Providers in 2025
The rapid migration to cloud environments – AWS, Azure, and GCP being the dominant players continues unabated in 2025. While cloud providers offer robust underlying infrastructure security, the shared responsibility model dictates that securing everything in the cloud, from configurations…
Top 10 Best Bug Bounty Platforms in 2025
As digital attack surfaces expand with rapid innovation in cloud, AI, and Web3 technologies, organizations increasingly rely on the collective intelligence of ethical hackers to identify vulnerabilities before malicious actors can exploit them. These platforms facilitate a structured, incentivized approach…
Top 10 Best Cloud Security Companies For AWS, Azure And GCP in 2025
Organizations are not just adopting cloud; they are embracing multi-cloud and hybrid strategies as the new norm, distributing workloads across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to optimize for cost, performance, and resilience. While the…
Top 10 Best Breach And Attack Simulation (BAS) Vendors in 2025
In the rapidly escalating cyber threat landscape of 2025, where attackers are more sophisticated and persistent than ever, a reactive security posture is no longer sufficient. Organizations worldwide are grappling with an expanding attack surface, the proliferation of advanced persistent…
Top 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025
In 2025, the complexity of cyberattacks demands more than just a quick fix; it requires a deep dive into the digital footprint left by adversaries and a methodical approach to recovery. For organizations facing such threats, partnering with the Best…
Top 10 Best Cyber Threat Intelligence Companies in 2025
Organizations face a relentless onslaught of highly targeted, evasive, and economically motivated cyber threats. To combat this, they are increasingly relying on Cyber Threat Intelligence Companies. To effectively combat this dynamic landscape, simply reacting to incidents is no longer sufficient.…
Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
In 2025, the digital landscape is more complex and perilous than ever. Organizations face an unrelenting barrage of sophisticated cyber threats, from advanced ransomware campaigns to nation-state-backed attacks. As a result, many are turning to SOC as a Service Providers…
Telegram Messenger Abused by Android Malware to Seize Full Device Control
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately…
Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program
A major cybersecurity investigation has uncovered a sophisticated criminal operation called Vault Viper that exploits online gambling platforms to distribute a malicious custom browser with remote access capabilities. The threat actor, linked to the Baoying Group and connected to the…
Google Warns of Cybercriminals Using Fake Job Postings to Spread Malware and Steal Credentials
Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated social engineering campaign orchestrated by financially motivated threat actors based in Vietnam. The ultimate objective is to compromise corporate advertising accounts and steal valuable credentials for resale or direct monetization. The…
New RedTiger Tool Targets Gamers and Discord Accounts in the Wild
Gamers face a growing threat from cybercriminals exploiting popular gaming and communication platforms. A dangerous infostealer called RedTiger is now actively circulating in the wild, specifically designed to steal Discord credentials, gaming accounts, and sensitive financial information from unsuspecting players…
New PDF Tool Detects Malicious Files Using PDF Object Hashing
Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used…