The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical Argument Injection Flaw in AI Agents Enables Remote Code Execution
AI-powered agents are increasingly relied upon to execute tasks like code analysis, file management, and automating workflows. However, a newly highlighted vulnerability argument injection shows how attackers can use these very capabilities to achieve remote code execution (RCE), even when…
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual…
Critical MCP Server Flaw Exposes Over 3,000 Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to potential attackers. Security researchers discovered a simple path traversal flaw that enabled unauthorized access to…
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches—like password-protected attachments and calendar invites—with new twists such as…
Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR
CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade endpoint detection and response (EDR) solutions. By leveraging highly obfuscated PowerShell scripts and process hollowing…
Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories
Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to handle exabytes of unstructured data for AI, high performance computing, analytics, media streaming, enterprise backup,…
SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion
SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By adopting an “EtherHiding” pattern, the malware retrieves encrypted C2 details from smart contracts through Ethereum…
Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns and business email compromise attacks. Security researchers across the industry are sounding the alarm as…
Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation campaign by a Chinese-speaking threat actor. Using this method, the attackers installed a malicious IIS…
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat…
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing malware that employs direct memory injection to bypass modern browser security protections. This new version represents…
Millions of Credentials Stolen Each Day by Stealer Malware
The cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks. Security researchers have been monitoring these operations for nearly a year, revealing an alarming infrastructure that…
New Rust Malware “ChaosBot” Hides Command-and-Control Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the…
New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading
Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threat group has executed a series of…
Hackers Exploit OAuth Apps to Keep Cloud Access Even After Password Resets
Cloud account takeover attacks have evolved beyond simple credential theft. Cybercriminals are now exploiting OAuth applications to maintain persistent access to compromised environments, bypassing traditional security measures like password resets and multifactor authentication. Cloud account takeover (ATO) attacks have become…
Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, when clicked,…
PassiveNeuron Targets High-Profile Servers to Deploy Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, has resurfaced with renewed vigor, targeting…
New Luma Infostealer Malware Steals Browser Data, Cryptocurrency, and Remote Access Accounts
Luma Infostealer, a malware-as-a-service (MaaS) offering, has emerged as a potent threat targeting high-value credentials such as web browser cookies, cryptocurrency wallets, and VPN/RDP account information. Beyond isolated theft, threat actors are employing Luma in the initial infiltration stages of…
Apache Syncope Groovy Flaw Allows Remote Code Injection
Apache Syncope, has disclosed a critical security vulnerability that allows authenticated administrators to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-57738, impacts all Apache Syncope versions 3.x before 3.0.14 and 4.x before 4.0.2, exposing organisations to potential…