In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive security update targets…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
In early 2025, security researchers unveiled a sophisticated botnet implant named PolarEdge, which relies on a bespoke TLS server and a proprietary binary protocol to carry out unauthenticated command-and-control operations. PolarEdge first emerged in January 2025 when honeypots monitoring Cisco…
Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware
A novel phishing campaign has emerged targeting Colombian users by abusing judicial notifications and weaponizing Scalable Vector Graphics (SVG) files. This sophisticated attack begins with a carefully crafted Spanish-language email impersonating the “17th Municipal Civil Court of the Bogotá Circuit,”…
Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic. Discord webhooks are simple HTTPS URLs that accept POST requests; they require no credentials…
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package installation, but by abusing the unpkg.com CDN as a disposable hosting platform for malicious JavaScript. By seeding over 175 throwaway…
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets. Rated Medium severity with a 5.3 CVSS 3.1 score, the flaw stems from a NULL…
Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning legitimate-looking landing pages, these actors are duping users into submitting their login credentials, participating in faux “gift” surveys, and even…
SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches of the year. The breach, which occurred on January 21, 2025, but was not discovered until…
North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and freelance marketplaces by exploiting VPNs, virtual private servers (VPS), and so-called “laptop farms” to conceal their true origins. State-backed cyber…
PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation
A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility. This vulnerability enables any local user to escape a chroot jail and execute commands with root privileges. Organizations relying on sudo are urged to audit and…
Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of platforms once reserved for legitimate IT administration. While AnyDesk has waned in popularity among adversaries due to improved detection, ConnectWise…
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers…
TA585 Deploys Novel Web-Injection to Deliver MonsterV2 Malware on Windows
As cybercrime continues to evolve, new adversaries and innovative tactics challenge defenders daily. The recently emerged threat group TA585 exemplifies this shift, deploying sophisticated malware campaigns that highlight the changing nature of the cybercrime landscape. TA585’s operational strategy, infrastructure control,…
178,000+ Invoices Expose Customer Data from Invoicely Platform
A significant data exposure incident has affected the cloud-based invoicing platform Invoicely, potentially compromising sensitive information belonging to customers worldwide. The exposed database contained 178,519 files in various formats including Excel spreadsheets, CSV files, PDFs, and images. Most concerning was…
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 and rated CVSS 9.1…
Simple Prompt Injection Lets Hackers Bypass OpenAI Guardrails Framework
Security researchers have discovered a fundamental vulnerability in OpenAI’s newly released Guardrails framework that can be exploited using basic prompt injection techniques. The vulnerability enables attackers to circumvent the system’s safety mechanisms and generate malicious content without triggering any security…
Clevo UEFI Leak Allows Signing of Malicious Firmware with BootGuard Keys
Clevo accidentally exposed private keys used in its Intel Boot Guard implementation, allowing attackers to sign malicious firmware that would be trusted during the earliest boot stages. The issue is tracked as Vulnerability Note VU#538470 and was published on October…
Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs. Stolen user credentials are traded daily, and each compromised login represents a…
Hackers Target macOS Users with Fake Homebrew Websites to Deliver Malicious Payloads
In September 2025, Kandji’s security researchers uncovered a sophisticated campaign in which attackers deployed multiple spoofed Homebrew installer sites that perfectly mimic the official brew.sh page. These counterfeit domains served a hidden malicious payload under the guise of the standard…
Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials
In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor…