Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular language models into executing dangerous code. Cybersecurity firm Pangea has unveiled a sophisticated attack method called “LegalPwn” that embeds malicious…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Claude AI Flaws Let Attackers Execute Unauthorized Commands Using the Model Itself
Security researchers have discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to bypass security restrictions and execute unauthorized commands, with the AI assistant itself helping to facilitate these attacks. The vulnerabilities, designated CVE-2025-54794 and CVE-2025-54795, demonstrate how sophisticated…
Ransomware Hits Phone Repair & Insurance Firm, Causing Millions in Damage
Wilhelm Einhaus, a businessman from Bockum-Hövel, Germany, pioneered cell phone insurance services, establishing a robust network that integrated innovative offerings like a 24-hour repair and replacement program. His enterprise expanded rapidly, partnering with major telecommunications providers such as Deutsche Telekom…
Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents
Adversaries are using artificial intelligence (AI) to increase their operational efficiency in a fast-changing threat landscape. They are scaling attacks and focusing on autonomous AI agents that support contemporary enterprise ecosystems. According to frontline intelligence from CrowdStrike’s 2025 Threat Hunting…
CNCERT Accuses U.S. Intelligence of Cyberattacks on Chinese Military-Industrial Targets
China’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) has publicly accused U.S. intelligence agencies of orchestrating sophisticated cyberattacks against key military-industrial entities, building on the 2022 NSA breach at Northwestern Polytechnical University. The revelations detail two emblematic incidents…
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastructure. This operation, linked to Vietnamese-speaking cybercriminal…
Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with additional promotion occurring…
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy…
Surge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber Vulnerabilities
Researchers have discovered a continuous relationship between increases in threat actor activity and the eventual disclosure of new Common Vulnerabilities and Exposures (CVEs) in corporate edge technologies, according to a groundbreaking report published by GreyNoise, Inc. The study, spanning data…
FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks
FUJIFILM Business Innovation has disclosed a critical vulnerability affecting multiple printer models that could allow attackers to launch denial-of-service (DoS) attacks through specially crafted network packets. The vulnerability, tracked as CVE-2025-48499, affects the Internet Printing Protocol (IPP) and Line Printer…
Mozilla Issues Warning on Phishing Campaign Targeting Add-on Developer Accounts
Mozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Community team on…
Hackers Leverage AI to Craft Malicious NPM Package That Drains Crypto Wallets
Security researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer. This package, posing as a benign “NPM Registry Cache Manager” for license validation and registry optimization, embeds sophisticated mechanisms to…
Biggest-Ever Bitcoin Hack Uncovered: $3.5B Stolen in Silent Breach
A massive cryptocurrency theft that remained hidden for over four years has been uncovered, revealing what may be the largest Bitcoin hack in history. LuBian, once one of the world’s most prominent Bitcoin mining pools, lost approximately $3.5 billion in…
Researchers Use 0-Day to Exploit Google kernelCTF and Debian 12
Security researchers have uncovered and weaponized a critical Use-After-Free vulnerability (CVE-2025-38001) in the Linux network packet scheduler’s HFSC queuing discipline, successfully compromising Google kernelCTF instances—LTS, COS, and mitigation—and fully updated Debian 12. By ingeniously combining HFSC’s real-time scheduling mode, NETEM’s…
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Allegedly Leaked Online
Digital Rights Management (DRM) systems are essential for safeguarding premium streaming content against unauthorized access and piracy, with Microsoft’s PlayReady emerging as a cornerstone technology adopted by major platforms such as Netflix, Amazon Prime Video, and Disney+. PlayReady employs sophisticated…
ShadowSyndicate Infrastructure Used by Multiple Ransomware Groups Including Cl0p, LockBit and RansomHub
Cybersecurity researchers have uncovered significant overlaps between the attack infrastructure of ShadowSyndicate, also known as Infra Storm by Group-IB, and several prominent ransomware-as-a-service (RaaS) operations. Active since July 2022, ShadowSyndicate has been linked to high-profile RaaS brands such as AlphaV/BlackCat,…
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections
Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows…
Interlock Ransomware Uses ClickFix Exploit to Execute Malicious Commands on Windows
The Interlock ransomware group was connected to several sophisticated cyber incidents that targeted firms in North America and Europe, according to a recent report published in July 2025 by eSentire’s Threat Response Unit (TRU). The group, active since September 2024,…
Vulnerabilities in Government-Linked Partner Software Allow Remote Code Attacks
Multiple serious security vulnerabilities have been discovered in Partner Software and Partner Web applications widely used by government agencies and contractors, potentially exposing sensitive systems to remote code execution attacks and data breaches. The vulnerabilities, tracked as CVE-2025-6076, CVE-2025-6077, and…
Critical Squid Flaw Allows Remote Code Execution by Attackers
A severe security vulnerability in the widely-used Squid HTTP proxy has been disclosed, potentially exposing millions of systems to remote code execution attacks. The flaw, designated as CVE-2025-54574 and SQUID-2025:1, represents a critical buffer overflow vulnerability in the software’s URN…