Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A significant vulnerability has been identified in the Laravel framework, specifically affecting versions between 11.9.0 and 11.35.1. The issue revolves around improper encoding of request parameters on the error page when the application is running in debug mode, leading to…

Read more →

A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines. This security flaw involves an authorization logic disclosure that can be exploited to bypass authentication mechanisms, allowing…

Read more →

A collaborative initiative involving Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) has reported a major drop in the use of unauthorized versions of the cyber tool Cobalt Strike by hackers. Since the…

Read more →

In a stunning case of corporate sabotage, a former software developer for Eaton Corp., Davis Lu, 55, of Houston, has been found guilty by a jury of intentionally damaging the company’s internal computer systems. This malicious act occurred after his…

Read more →

Microsoft recently disclosed a critical vulnerability impacting its debugging tool, WinDbg, and associated .NET packages. Tracked CVE-2025-24043, this flaw allows remote code execution (RCE) due to improper cryptographic signature verification in the SOS debugging extension. According to Github’s Post, Developers…

Read more →

A series of significant security vulnerabilities have been discovered in the Thinkware Dashcam, specifically the F800 Pro model, which could pose serious risks to users’ privacy and security. These issues include unauthorized access to sensitive data, denial of service, and…

Read more →

The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software. These vulnerabilities allow malicious actors to exploit malformed requests and access control list (ACL) issues, posing serious security risks to users. The vulnerabilities, identified by CVE numbers CVE-2024-38311, CVE-2024-56195, CVE-2024-56196,…

Read more →

A significant vulnerability has been uncovered in the Python JSON Logger package (python-json-logger), affecting versions 3.2.0 and 3.2.1. This flaw, CVE-2025-27607 allows for remote code execution (RCE) due to misusing a missing dependency known as msgspec-python313-pre. The issue gained widespread attention…

Read more →

Commvault has revealed a major vulnerability in its software that could allow malicious actors to gain full control of its webservers. The issue, identified as CV_2025_03_1, has been categorized as a high-severity flaw and impacts multiple versions of the Commvault platform…

Read more →

Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by identifying vulnerabilities in their systems, applications, and networks. These firms simulate real-world cyberattacks to uncover weaknesses that could be exploited by malicious actors, helping businesses…

Read more →

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…

Read more →

Cybersecurity researchers continue to track sophisticated “Click Fix” style distribution campaigns that deliver the notorious Lumma Stealer malware to unsuspecting victims. These increasingly sophisticated tactics, initially documented by Unit42 researchers Billy Melicher and Nabeel Mohamed, utilize social engineering techniques that…

Read more →

A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code execution (RCE) vulnerability in PHP-CGI on Windows systems. This vulnerability, identified as CVE-2024-4577, allows attackers to execute arbitrary PHP code on servers using Apache with…

Read more →

A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named set-utils, designed to steal Ethereum private keys by exploiting commonly used account creation functions. This package masquerades as a utility for Python sets, mimicking popular…

Read more →

The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been active since late 2022 and has…

Read more →

In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical letters claiming to be from the BianLian ransomware group. These letters, sent via U.S. postal services, threaten recipients with data leaks unless substantial ransoms are paid…

Read more →

In a recent alert, Microsoft revealed a large-scale malvertising campaign that has compromised nearly one million devices worldwide. This campaign, which began in early December 2024, leverages malicious redirects from illegal streaming websites to deliver malware hosted on platforms like…

Read more →

In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as…

Read more →

In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures,…

Read more →

Tax season has become a breeding ground for sophisticated AI-powered scams, with nearly half of Americans reporting fraudulent IRS-related communications, according to McAfee’s 2025 survey. Cybercriminals are leveraging deepfake audio, phishing emails, and spoofed websites to steal identities and funds,…

Read more →