Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A sophisticated Python-based information stealer named XillenStealer has emerged as a significant threat to Windows users, designed to harvest sensitive system data, browser credentials, and cryptocurrency wallet information. XillenStealer operates through a comprehensive builder framework called “XillenStealer Builder V3.0,” featuring…

Read more →

A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilayered obfuscation to deliver the StealC information stealer…

Read more →

A major supply chain attack dubbed “Shai-Halud” has impacted the JavaScript ecosystem by targeting over 477 NPM packages, raising serious concerns among developers and organizations relying on software from the Node Package Manager (NPM) registry. This incident reveals both the…

Read more →

A critical vulnerability nicknamed “BitPixie” in Windows Boot Manager allows attackers to bypass BitLocker drive encryption and escalate privileges, security researchers have revealed. The flaw exploits a weakness in the PXE soft reboot feature that fails to properly clear encryption…

Read more →

The cybersecurity landscape has witnessed a dramatic escalation in API-targeted attacks during the first half of 2025, with security researchers documenting over 40,000 API incidents across more than 4,000 monitored environments. This surge represents a fundamental shift in how cybercriminals approach digital…

Read more →

A critical vulnerability in the Linux kernel’s KSMBD implementation has been discovered that allows remote attackers to completely exhaust server connection resources through a simple denial-of-service attack. The flaw, tracked as CVE-2025-38501 and dubbed “KSMBDrain,” enables malicious actors to render…

Read more →

Newark, New Jersey, United States, September 16th, 2025, CyberNewsWire The OpenSSL Conference 2025 will take place on October 7 – 9 in Prague. The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global context.…

Read more →

Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike-compatible security products. This availability enables customers to discover, buy,…

Read more →

The rise of large language models (LLMs) has revolutionized how we interact with technology, but their true potential has always been limited by their inability to interact with the real world. LLMs are trained on vast, static datasets, meaning they…

Read more →

In today’s fast-paced software development world, where applications are released at an unprecedented rate, ensuring their security is more critical than ever. Dynamic Application Security Testing (DAST) has emerged as a fundamental practice for modern development teams. DAST tools, often…

Read more →

In an increasingly complex digital landscape, where cloud migrations, remote work, and a distributed workforce have become the norm, the traditional security perimeter has all but disappeared. The most valuable and vulnerable assets of any organization are the privileged accounts…

Read more →

RevengeHotels, also known as TA558, has escalated its long-standing cybercrime campaign by incorporating artificial intelligence into its infection chains, deploying the potent VenomRAT malware against Windows users. Active since 2015, this threat actor has traditionally targeted hotel guests and travelers,…

Read more →

AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and produce harmful code. Indirect prompt injection attacks…

Read more →

A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers. The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial…

Read more →

A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.” Developers and organizations using these packages should take immediate action to safeguard credentials and prevent unauthorized…

Read more →

Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell and the Covenant framework. In early 2025, a trusted partner supplied samples that did not…

Read more →

A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms. The vulnerability, disclosed during the TyphoonPWN 2025 LG Category competition where it won first place,…

Read more →

Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7.4…

Read more →

A critical vulnerability in the Case Theme User plugin for WordPress allows unauthenticated attackers to hijack any account on vulnerable sites, including administrative accounts, by exploiting the social login feature. Site owners are urged to update immediately. On May 31,…

Read more →

As more companies move their critical systems and data to Amazon Web Services (AWS), attackers are finding new ways to stay hidden inside cloud environments. AWSDoor is a tool designed to simplify and automate persistence techniques in AWS. Persistence lets…

Read more →