Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Airstalk Malware Exploits AirWatch MDM for Covert C2 Communication
Security researchers have identified a sophisticated new malware family, Airstalk, that exploits VMware’s AirWatch API—now known as Workspace ONE Unified Endpoint Management—to establish covert command-and-control channels. The discovery represents a significant threat evolution, with both PowerShell and .NET variants…
Cisco UCCX Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code
Cisco has issued a critical security advisory addressing two severe vulnerabilities in its Unified Contact Center Express (CCX) platform that could enable remote attackers to execute arbitrary commands and gain unauthorized system access. The vulnerabilities, published on November 5, 2025,…
Checkpoint Analysis: Dissecting the $128M Balancer Pool Drain in Under 30 Minutes
In the early hours of November 3, 2025, Check Point Research’s blockchain threat monitoring systems flagged a suspicious pattern on the Ethereum mainnet. The alert stemmed from Balancer V2’s Vault contract, which soon revealed one of the most devastating DeFi…
Multiple Django Flaws Could Allow SQL Injection and Denial-of-Service Attacks
The Django development team has released critical security patches addressing two significant vulnerabilities that could expose applications to denial-of-service attacks and SQL injection exploits. The security releases for Django 5.2.8, 5.1.14, and 4.2.26 were published on November 5, 2025, in…
ValleyRAT Campaign Targets Windows via WeChat and DingTalk
A sophisticated Windows remote-access trojan known as ValleyRAT has emerged as a high-confidence indicator of targeted intrusions against Chinese-language users and organizations. ValleyRAT’s operational model relies on a carefully orchestrated delivery chain comprising four distinct components: the downloader, loader, injector,…
Authorities Dismantle Large-Scale Credit Card Fraud Scheme Affecting 4.3 Million Users
Authorities across nine countries executed a coordinated crackdown on one of the largest credit card fraud networks ever dismantled. Operation Chargeback, led by German prosecutors and the Bundeskriminalamt, brought down criminal organizations responsible for defrauding over 4.3 million cardholders globally.…
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus
A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered “EndClient RAT,” delivered via a malicious Microsoft Installer package disguised as…
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks
Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that…
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw
Google has released an emergency security update for Chrome across all platforms, rolling out versions 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core…
Hyundai AutoEver Confirms Data Breach Exposing Personal Data, Including SSNs and License Info
Hyundai AutoEver America, LLC has formally confirmed a significant data breach that compromised sensitive customer information. The automotive software provider disclosed the incident through official breach notification letters sent to affected individuals, revealing that attackers gained unauthorized access to names,…
HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks
Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users…
Gootloader Returns with a New ZIP File Tactic to Conceal Malicious Payloads
Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to security researcher RussianPanda and the team at Huntress,…
Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks
The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop has established itself as one of…
Microsoft Issues Alert: BitLocker Recovery Risk After October 2025 Updates
Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October 14, 2025 may cause certain systems to boot into the BitLocker recovery screen upon restart. The issue, currently under active…
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Cybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app…
Three Infamous Hacker Groups Join Forces as the ‘Scattered LAPSUS$ Hunters’
The cybercriminal underground has witnessed a significant consolidation as three of the most notorious threat actors, Scattered Spider, ShinyHunters, and LAPSUS$, have formally aligned to create the Scattered LAPSUS$ Hunters (SLH), a federated collective that emerged in early August 2025.…
Google Warns: AI Makes Cyber Threats Faster and Smarter by 2026
Google has released its Cybersecurity Forecast 2026 report, providing a comprehensive analysis of emerging threats and security trends anticipated throughout the coming year. Rather than relying on speculation, the report is grounded in real-world data and insights gathered from Google…
CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The flaw, tracked as CVE-2025-11371, exposes sensitive system files to unauthorized…
APT-C-60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the…