Cybersecurity researchers have identified a sophisticated malware campaign leveraging artificial intelligence to enhance obfuscation techniques, enabling malicious applications to circumvent traditional antivirus detection systems. The threat actors behind the campaign are distributing trojanized applications impersonating a prominent Korean delivery service,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Xillen Stealer: Advanced Features Bypass AI Detection and Steal Password Manager Data
The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across platforms. Documented initially by Cyfirma in September 2025, this cross-platform infostealer targets sensitive data, including credentials, cryptocurrency wallets, system information,…
Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Gain Higher Privileges
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-2025-49752, affects all Azure Bastion deployments and received an…
Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware
Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services (WSUS) infrastructure. The attackers are exploiting a critical remote code execution vulnerability tracked as CVE-2025-59287 to deploy ShadowPad, a notorious backdoor…
Clop Ransomware Claims Oracle Breach Using E-Business Suite 0-Day
The notorious Clop ransomware gang, also known as Graceful Spider, has listed Oracle Corporation on its dark web leak site, claiming to have successfully breached the technology giant’s internal systems. This alarming development represents a significant escalation in the group’s…
Salesforce Confirms Customer Data Was Exposed in Gainsight Breach
Salesforce has identified unusual activity involving applications published by Gainsight that are connected to the Salesforce platform. The company’s investigation revealed that this suspicious activity resulted in unauthorized access to specific customer data stored in Salesforce environments. Upon discovery, Salesforce…
Operation DreamJob Attacks on Manufacturing via WhatsApp Web
Operation DreamJob, a longstanding North Korean cyberespionage campaign, has once again demonstrated its lethal effectiveness by targeting manufacturing organizations through deceptive job-related messages delivered via WhatsApp Web. In August 2025, Orange Cyberdefense’s CyberSOC and CSIRT investigated an intrusion targeting an…
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana…
Emerging Ransomware Variants Exploit Amazon S3 Misconfigurations
Ransomware is shifting from traditional systems to cloud environments, fundamentally redefining its impact on cloud-native data. As organizations increasingly migrate to cloud platforms, threat actors are adapting their tactics moving away from traditional encryption-based malware to exploit the unique architecture…
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript…
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control
MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports…
Samourai Wallet Founders Jailed for $237M Crypto Laundering
The co-founders of Samourai Wallet, a cryptocurrency mixing service that facilitated over $237 million in illegal transactions, have been sentenced to prison following their conviction on money laundering and conspiracy charges. Keonne Rodriguez, 37, the Chief Executive Officer, received a…
Tsundere Botnet Targets Windows, Linux & macOS via Node.js Packages
A Russian-speaking threat actor attributed to the username “koneko” has resurfaced with a sophisticated new botnet named Tsundere, discovered by Kaspersky GReAT around mid-2025. This marks a significant evolution from a previous supply chain campaign that targeted Node.js developers in…
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets
A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted…
Hackers Launch 2.3 Million Attacks on Palo Alto GlobalProtect VPN Portals
Security researchers at GreyNoise have uncovered a massive spike in cyberattacks targeting Palo Alto Networks GlobalProtect VPN systems. The assault began on November 14, 2025, and quickly escalated into a coordinated campaign striking millions of login portals worldwide. Massive Attack…
The Rise of Hybrid Threat Actors: Digital Meets Physical
The distinction between cyber warfare and traditional military operations is disappearing. Recent investigations by Amazon threat intelligence teams have identified a troubling trend: cyber-enabled kinetic targeting, in which nation-state actors systematically leverage cyber operations to enable and enhance physical military…
The Rise of AI-Enhanced Cyber Scams: How GenAI Empowers Criminals
Generative artificial intelligence has fundamentally transformed the landscape of cybercriminal operations by eliminating what was once a critical barrier to entry: the quality of the scam itself. Where scammers previously relied on obvious spelling mistakes, grammatically incorrect text, and amateurish…
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through…
Microsoft Adds Azure Firewall With AI-Powered Security Copilot
Microsoft has integrated Azure Firewall with its AI-powered Security Copilot platform, bringing natural language threat investigation capabilities to cloud network security teams. The new integration allows security analysts to investigate malicious network traffic using conversational prompts instead of complex query…
Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution
SolarWinds has released an urgent security update for its Serv-U file transfer software, patching three critical vulnerabilities that could enable attackers with administrative access to execute remote code on affected systems. The flaws, all rated 9.1 on the CVSS severity…