Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has emerged as a central battleground for international conflict. Russia is increasingly using cyber-attacks as a strategic tool to alleviate economic…

Read more →

A permissions issue in IBM QRadar SIEM could enable local privileged users to modify configuration files without proper authorization. Tracked as CVE-2025-0164, this flaw stems from incorrect permission assignment for a critical resource, potentially compromising the integrity of a deployed…

Read more →

The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and AutoIt scripts designed to evade anti-virus scanning through sophisticated obfuscation. Organizations must deploy endpoint detection…

Read more →

The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and UNC6395—to breach Salesforce customer environments and siphon sensitive data. Coordinated with the Department of Homeland…

Read more →

A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a server by injecting malicious prompt templates. Tracked as CVE-2025-9556, this vulnerability arises from the use…

Read more →

Countries with most cyberattacks stopped highlighting global cyber defense efforts, including key regions in Asia-Pacific and North America.  BlackNevas has released a comprehensive attack strategy spanning three major regions, with the Asia-Pacific area bearing the heaviest burden of attacks at 50%…

Read more →

Analysis reveals that the developers behind the AppSuite-PDF and PDF Editor campaigns have abused at least 26 distinct code-signing certificates over the past seven years to lend legitimacy to their malware, collectively tracked as BaoLoader. Previously classified as potentially unwanted…

Read more →

As per a recent Sophos report from July 2025, 53% of Indian organizations impacted by ransomware paid the ransom, though the median payment saw a significant drop to around $481,636 (approximately ₹4 crore). However, the average recovery cost, excluding ransom,…

Read more →

August 2025 saw a dramatic surge in targeted attacks by the DarkCloud Stealer against financial institutions worldwide. CyberProof’s MDR analysts and threat hunters identified a wave of phishing emails bearing malicious RAR archives designed to prey on Windows users. Once…

Read more →

Microsoft has issued an urgent reminder to enterprise and educational institutions worldwide about the impending end of support for Windows 11 version 22H2. With just 60 days remaining, organizations must prepare for the October 14, 2025, deadline when critical security…

Read more →

A newly discovered ransomware group called Yurei has emerged with sophisticated encryption capabilities, targeting organizations through double-extortion tactics while leveraging open-source code to rapidly scale operations. First observed on September 5, 2025, this Go-based ransomware employs the ChaCha20 encryption algorithm…

Read more →

A massive data breach has exposed the inner workings of China’s internet censorship system, with over 500GB of sensitive documents from the Great Firewall of China (GFW) leaked online on September 11, 2025. This represents the largest leak of internal…

Read more →

In 2025, web applications are no longer just static websites; they are dynamic, complex ecosystems that serve as the primary interface between businesses and their customers. This makes them a prime target for cybercriminals. Traditional network firewalls and intrusion prevention…

Read more →

A critical vulnerability in FlowiseAI has been discovered that allows attackers to take over user accounts with minimal effort. The flaw, tracked as CVE-2025-58434, affects both cloud-hosted and self-hosted FlowiseAI deployments, posing significant risks to organizations using this AI workflow automation platform. CVE…

Read more →

Two critical security vulnerabilities have been discovered in the Common Unix Printing System (CUPS), a widely used printing subsystem for Unix-like operating systems. The flaws, designated as CVE-2025-58364 and CVE-2025-58060, expose Linux systems to remote denial-of-service attacks and authentication bypass,…

Read more →

Phishing-as-a-Service operation called VoidProxy that uses advanced adversary-in-the-middle techniques to bypass traditional multi-factor authentication and steal session tokens from Microsoft 365 and Google accounts. The five steps of a SIM-swap attack illustrating how fraudsters bypass multi-factor authentication to compromise accounts …

Read more →

IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that evades detection systems and a novel USB worm called SnakeDisk…

Read more →

Security researchers at Straiker’s AI Research (STAR) team have uncovered Villager, an AI-native penetration testing framework developed by Chinese-based group Cyberspike that has already accumulated over 10,000 downloads within two months of its release on the official Python Package Index…

Read more →

ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform. This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family, incorporating advanced capabilities to compromise UEFI-based systems and exploit CVE-2024-7344…

Read more →

EvilAI, a new malware family tracked by Trend™ Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional features, allowing them to slip past both corporate and personal…

Read more →