A critical security vulnerability in Microsoft Windows Cloud Minifilter has been patched, addressing a race condition that allowed attackers to escalate privileges and create files anywhere on the system. The vulnerability, tracked as CVE-2025-55680, was discovered by security researchers at…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Massive AWS Outage Halt The Internet – Disrupting Snapchat, Prime Video, Canva, and More
A catastrophic Amazon Web Services (AWS) outage struck on October 20, 2025, bringing down major platforms like Snapchat, Amazon Prime Video, and Canva, and revealing the internet’s dangerous dependence on a single cloud provider. Starting at 12:11 a.m. PDT (12:41…
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Microsoft Windows machines. The campaign, first…
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but function as…
PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation
A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions. The flaw, rated 7.8 (High) on the CVSS scale, allows local attackers to elevate privileges to…
Volkswagen Allegedly Hacked in Ransomware Attack as 8Base Claims Data Leak
Volkswagen Group is investigating claims from the 8Base ransomware group, which asserts it has stolen sensitive company data. While the German automaker has stated that its core IT systems are secure, its response leaves open the possibility of a breach…
Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode
Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards and mice useless within the Windows Recovery Environment (WinRE). The patch, released on October 14, 2025, affects Windows 11 versions…
Authorities Shut Down Cybercrime-as-a-Service, Seize 40,000 SIM Cards
Law enforcement authorities across Europe have dismantled a sophisticated cybercrime-as-a-service operation that enabled criminals to commit widespread fraud and other serious offenses across the continent. The coordinated action, codenamed ‘SIMCARTEL’, resulted in seven arrests, the seizure of over 40,000 active…
Critical Zimbra SSRF Flaw Exposes Sensitive Data
Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to access sensitive data through the platform’s chat proxy configuration. The flaw, classified as high severity, affects Zimbra versions 10.1.5…
Microsoft Windows 11 October Update Disrupts Localhost (127.0.0.1) Connectivity
Microsoft’s October 2025 Windows 11 update has introduced an unexpected connectivity issue affecting developers and IT professionals worldwide. The security patch KB5066835, released on October 14, 2025, for OS Builds 26200.6899 and 26100.6899, has disrupted localhost connections, preventing applications from…
Attackers Exploit Zendesk Authentication Issue to Flood Targets’ Inboxes with Corporate Notifications
Cybercriminals have discovered a gap in Zendesk’s ticket submission process and are using it to bombard victims with waves of misleading support messages. When configured to accept anonymous requests, the service can be abused to generate email floods that…
TikTok Videos Weaponized to Deliver Self-Compiling PowerShell Malware
Attackers are exploiting TikTok’s massive reach to trick users into executing malware through seemingly innocuous videos. In one popular TikTok video (liked over 500 times), the attacker poses as a provider of a free Photoshop activation tool and urges viewers…
WatchGuard VPN Flaw Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability has been discovered in WatchGuard Firebox appliances that could allow remote attackers to execute arbitrary code without authentication. The flaw, identified as CVE-2025-9242, affects the IKEv2 VPN service and has been assigned a severity score of…
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy—a Node.js–based RAT and information stealer—through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary…
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing Defense Center demonstrates that even the most recognized logos can be hijacked by threat actors to…
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The…
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at…
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft…
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents…
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and…