Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and…

Read more →

Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer…

Read more →

LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of…

Read more →

A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in…

Read more →

The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid patching and continuous monitoring. The first detected RondoDox intrusion on June 15, 2025, reused a…

Read more →

Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they can trigger a…

Read more →

ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such…

Read more →

A newly observed information‐stealing campaign is deploying a stealthy variant of the SnakeKeylogger malware via weaponized e-mails that masquerade as legitimate remittance advice from CPA Global and Clarivate. Researchers first identified the infection vector on October 7, 2025, when recipients…

Read more →

Microsoft Threat Intelligence is sounding the alarm on a surge of sophisticated “payroll pirate” attacks, in which financially motivated adversaries hijack employee accounts to reroute salary payments to attacker-controlled bank accounts. In the first half of 2025, Storm-2657 launched a…

Read more →

In a coordinated effort, international law enforcement agencies seized the clearnet domain breachforums[.]hn, shutting down yet another incarnation of the notorious cybercrime marketplace BreachForums. The domain now displays a joint seizure notice from the U.S. Department of Justice (DOJ) and…

Read more →

Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and…

Read more →

A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute. The affected model, the Worldline Yomani XR, is found in grocery…

Read more →

A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers. The sale was advertised on a dark web forum…

Read more →

Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code by exploiting directory traversal flaws. Both issues stem from improper processing of symbolic links within ZIP files, allowing crafted archives to force…

Read more →

SonicWall, together with leading incident response firm Mandiant, has completed a thorough review of a recent cloud backup security incident. The investigation confirmed that an unknown party gained access to all firewall configuration backup files for customers using the MySonicWall…

Read more →

Microsoft Azure suffered a significant service interruption that left many customers unable to reach cloud resources. The incident began at roughly 07:40 UTC, when Azure Front Door, the platform’s native content delivery network (CDN), lost about 30 percent of its…

Read more →

A critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation began within 24 hours of public disclosure, and over 13,800 exploit attempts have been blocked by…

Read more →

Security researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike earlier use-after-free candidates that required complex race conditions or depended on external factors, this vulnerability…

Read more →

Cybersecurity researchers have discovered a sophisticated evolution of the ClickFix attack technique that leverages browser cache smuggling to covertly place malicious files on target systems without traditional file downloads. This advanced social engineering campaign specifically targets enterprise users through fake…

Read more →

GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com already runs the patched versions, and…

Read more →