The scam industry has undergone massive transformations over the past decade. The cliché image of the once-iconic Nigerian prince duping Westerners from a local cybercafé is now obsolete. One of the key drivers fueling the ongoing sha zhu pan (pig…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Google Integrates Gemini Into Gmail, Rolling Out New Capabilities
Google has announced a major upgrade to Gmail, bringing its advanced Gemini AI directly into the email platform. The integration transforms Gmail into a personal, proactive inbox assistant designed to help users manage the ever-increasing volume of emails more efficiently.…
India Remains Top Target for Mobile Attacks as Threats Surge 38%
New Delhi, January 12, 2026 – India has emerged as the world’s top target for mobile attacks yet again, recording a steep 38% year-over-year increase in mobile threats, according to the India findings of the Zscaler ThreatLabz 2025 Mobile, IoT,…
Instagram Confirms No System Breach After External Password Reset Problem
Instagram has dismissed security breach concerns, clarifying that recent unexpected password reset emails were caused by an external party exploiting a now-patched vulnerability rather than a complete system compromise. The social media giant confirmed that a flaw in its systems…
Web3 Dev Environments Hit by Fake Interview Software Scam
Web3 and cryptocurrency developers are facing a new wave of targeted attacks driven not by cold outreach, but by carefully engineered “inbound” traps. Instead of chasing victims through phishing emails or unsolicited Telegram messages, threat actors are now building fake…
Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data
A newly disclosed vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial‑of‑service and server‑side request forgery (SSRF) attacks if left unpatched. The flaw, tracked as CVE-2025-68493, is rated Important and affects a wide range of…
Cybercriminal Crypto Transactions Surge to 2025 High
Illicit cryptocurrency transactions reached unprecedented levels in 2025 as nation-states weaponized digital assets to evade sanctions, transforming the cybercrime landscape into a geopolitical battleground with record-breaking financial volumes. According to blockchain analysis data, illicit cryptocurrency addresses received at least $154 billion in…
Critical React Router Flaws Could Let Attackers Access or Modify Server Files
A critical vulnerability has been discovered in React Router and Remix that could allow attackers to access or modify sensitive files on web servers. The flaw affects multiple packages and has received a severity rating of Critical with a CVSS score of 8.8/10. Field Details…
ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration
A sophisticated second-stage malware payload known as ValleyRAT_S2 has emerged as a critical threat to organizations across Chinese-speaking regions, including mainland China, Hong Kong, Taiwan, and Southeast Asia. This Remote Access Trojan (RAT), written in C++, is a modular, highly…
Fake Employee Performance Reports Deliver Guloader Malware
Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos RAT on compromised systems. In the observed cases, threat actors send phishing emails that purport to…
Hacking Group “Everest” Allegedly Claims Nissan Motor Breach
The Everest hacking group has allegedly claimed responsibility for a major cyberattack on Nissan Motor Co., Ltd., one of Japan’s leading automotive manufacturers. According to threat intelligence reports observed on January 10, 2026, the cybercriminal organization claims to have exfiltrated…
Critical InputPlumber Flaw Enables UI Input Injection and Denial-of-Service
Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws, tracked as CVE-2025-66005 and CVE-2025-14338, affect InputPlumber versions…
Researchers Uncover 28 Unique IPs and 85 Domains Hosting Carding Markets
Between July and December 2025, cybersecurity firm Team Cymru conducted an extensive analysis of carding infrastructure, revealing a sophisticated network comprising 28 unique IP addresses and 85 domains that actively host illicit carding markets and forums. The research employed technical…
EDRStartupHinder: Blocks Antivirus & EDR at Windows 11 25H2 Startup (Defender Included)
A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys…
Critical zlib Flaw Let Attackers Can Trigger a Buffer Overflow via untgz
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname() function, where an unbounded strcpy() call copies…
New “Penguin” Platform Sells Pig-Butchering Kits, PII, and Stolen Accounts
The industrialization of pig butchering scams has reached a critical tipping point. A sprawling Pig Butchering-as-a-Service (PBaaS) economy has emerged across Southeast Asia, offering turnkey scam platforms, stolen identities, pre-registered SIM cards, mobile applications, payment infrastructure, and shell company formation services.…
Massive Instagram Data Breach Exposes Personal Details of 17.5 Million Users
A staggering cybersecurity incident has come to light, with 17.5 million Instagram users’ personal information exposed in a data breach advertised on dark web marketplaces. Cybersecurity firm Malwarebytes first alerted the public via X (formerly Twitter), confirming the leak’s severity…
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
Cybercriminals are leveraging reports of Venezuelan President Nicolás Maduro’s arrest on January 3, 2025, to distribute backdoor malware through a sophisticated social engineering campaign. Security researchers at Darktrace have uncovered a malicious operation that exploits this high-profile geopolitical event to…
OWASP CRS Vulnerability Enables Charset Validation Bypass
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CVE-2026-21876, the flaw affects CRS rule 922110 and can expose applications to cross-site scripting (XSS) and other…
Best Ways to Learn Everything About Investing in Bitcoin
Bitcoin is a digital asset and a payment system invented by Satoshi Nakamoto. Transactions are verified by network nodes through cryptography and recorded in a public dispersed ledger called a blockchain. Bitcoin is unique in that there is a finite…