Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts.…
FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked as CVE-2025-58325, was discovered internally by Fortinet’s PSIRT…
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish…
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwendal Guégniaud of the Fortinet Product Security team…
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection…
Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted the vendor to update its documentation. The attackers repurposed a legitimate Java…
End of Support for Windows 10 Sparks Security Fears Among Millions of Users
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of the most widely…
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their privileges to the…
Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds. Pixnapping leverages fundamental features of Android’s graphics rendering system to create…
UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in firmware security that could enable persistent, undetectable…
Telegram Becomes the Nerve Center for Modern Hacktivist Operations
Telegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated threat actor groups. Contrary to assumptions that such activities remain hidden in…
NCSC Issues Warning as UK Sees Four Cyber Attacks a Week
British organisations are facing an unprecedented cyber security crisis as the National Cyber Security Centre reveals a dramatic surge in attacks threatening the nation’s digital infrastructure. This alarming escalation translates to an average of four major cyber attacks targeting UK…
Pro-Russian Hacktivists Target Government, Finance and E-Commerce Sites
The pro-Russian hacktivist collective NoName057(16) has emerged as a notable participant in a coordinated wave of cyberattacks targeting Israeli infrastructure during the October 7 anniversary period. The group claimed responsibility for multiple distributed denial-of-service (DDoS) attacks against government portals, financial…
Microsoft Patch Tuesday October 2025 – 172 Vulnerabilities Fixed Along with 4 Zero-days
In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive security update targets…
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
In early 2025, security researchers unveiled a sophisticated botnet implant named PolarEdge, which relies on a bespoke TLS server and a proprietary binary protocol to carry out unauthenticated command-and-control operations. PolarEdge first emerged in January 2025 when honeypots monitoring Cisco…
Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware
A novel phishing campaign has emerged targeting Colombian users by abusing judicial notifications and weaponizing Scalable Vector Graphics (SVG) files. This sophisticated attack begins with a carefully crafted Spanish-language email impersonating the “17th Municipal Civil Court of the Bogotá Circuit,”…
Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic. Discord webhooks are simple HTTPS URLs that accept POST requests; they require no credentials…
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package installation, but by abusing the unpkg.com CDN as a disposable hosting platform for malicious JavaScript. By seeding over 175 throwaway…
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets. Rated Medium severity with a 5.3 CVSS 3.1 score, the flaw stems from a NULL…