Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations
Ransomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture…
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript…
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control
MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports…
Samourai Wallet Founders Jailed for $237M Crypto Laundering
The co-founders of Samourai Wallet, a cryptocurrency mixing service that facilitated over $237 million in illegal transactions, have been sentenced to prison following their conviction on money laundering and conspiracy charges. Keonne Rodriguez, 37, the Chief Executive Officer, received a…
Tsundere Botnet Targets Windows, Linux & macOS via Node.js Packages
A Russian-speaking threat actor attributed to the username “koneko” has resurfaced with a sophisticated new botnet named Tsundere, discovered by Kaspersky GReAT around mid-2025. This marks a significant evolution from a previous supply chain campaign that targeted Node.js developers in…
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets
A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted…
Hackers Launch 2.3 Million Attacks on Palo Alto GlobalProtect VPN Portals
Security researchers at GreyNoise have uncovered a massive spike in cyberattacks targeting Palo Alto Networks GlobalProtect VPN systems. The assault began on November 14, 2025, and quickly escalated into a coordinated campaign striking millions of login portals worldwide. Massive Attack…
The Rise of Hybrid Threat Actors: Digital Meets Physical
The distinction between cyber warfare and traditional military operations is disappearing. Recent investigations by Amazon threat intelligence teams have identified a troubling trend: cyber-enabled kinetic targeting, in which nation-state actors systematically leverage cyber operations to enable and enhance physical military…
The Rise of AI-Enhanced Cyber Scams: How GenAI Empowers Criminals
Generative artificial intelligence has fundamentally transformed the landscape of cybercriminal operations by eliminating what was once a critical barrier to entry: the quality of the scam itself. Where scammers previously relied on obvious spelling mistakes, grammatically incorrect text, and amateurish…
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through…
Microsoft Adds Azure Firewall With AI-Powered Security Copilot
Microsoft has integrated Azure Firewall with its AI-powered Security Copilot platform, bringing natural language threat investigation capabilities to cloud network security teams. The new integration allows security analysts to investigate malicious network traffic using conversational prompts instead of complex query…
Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution
SolarWinds has released an urgent security update for its Serv-U file transfer software, patching three critical vulnerabilities that could enable attackers with administrative access to execute remote code on affected systems. The flaws, all rated 9.1 on the CVSS severity…
New npm Malware Campaign Checks If Visitor Is a Victim or Researcher Before Initiating Infection
The Socket Threat Research Team has uncovered a sophisticated npm malware campaign orchestrated by the threat actor dino_reborn, who deployed 7 malicious packages designed to distinguish genuine targets from security researchers before executing their payloads. This nuanced approach represents a…
New FortiWeb 0-Day Code Execution Flaw Actively Exploited
Fortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild. The flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute unauthorized code on vulnerable systems through specially crafted…
New ShadowRay Exploit Targets Vulnerability in Ray AI Framework to Attack AI Systems
Oligo Security researchers have uncovered an active global hacking campaign that leverages artificial intelligence to attack AI infrastructure. The operation, dubbed ShadowRay 2.0, exploits a known yet disputed vulnerability in Ray an open-source framework powering numerous AI systems worldwide to…
Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome…
Mapping Remcos RAT C2 Activity and Associated Communication Ports
Remcos, a commercial remote access tool distributed by Breaking-Security and marketed as “Remote Administration Software,” continues to pose a significant threat to organizations worldwide. Despite its administrative positioning, the tool’s capabilities are routinely weaponized for unauthorized access and data theft,…
Imunify AI-Bolit Flaw Allows Arbitrary Code Execution and Root Privilege Escalation
A critical vulnerability was discovered in the AI-Bolit component of Imunify security products, raising concerns across the web hosting and Linux server communities. This flaw could let attackers execute arbitrary code and escalate their privileges to root, risking the integrity…
Threat Actors Use Compromised RDP to Deploy Lynx Ransomware After Deleting Backups
A sophisticated threat actor has orchestrated a multi-stage ransomware attack spanning nine days, leveraging compromised Remote Desktop Protocol (RDP) credentials to infiltrate a corporate network, exfiltrate sensitive data, and deploy Lynx ransomware across critical infrastructure. The attack initiated with a…