Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

China’s Cyberspace Administration, Ministry of Public Security, and Ministry of Industry and Information Technology introduced the Regulations on the Management of Network Product Security Vulnerabilities (RMSV) in July 2021, mandating that software vulnerabilities exploitable flaws in code be reported to…

Read more →

Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group renowned for leveraging zero-day exploits and custom malware. First identified by Mandiant in…

Read more →

Raven Stealer has emerged as sophisticated, lightweight information-stealing malware crafted in Delphi and C++, targeting Windows systems with a focus on extracting sensitive data like logins, payment details, and autofill information from Chromium-based browsers such as Chrome and Edge. First…

Read more →

In 2025, the demand for sophisticated ethical hacking services has intensified, driven by the rapid evolution of digital infrastructure and increasingly cunning cyber adversaries. Organizations are moving beyond periodic checks towards continuous security validation, seeking partners who offer deep technical…

Read more →

The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s…

Read more →

Cybersecurity researchers have successfully deployed artificial intelligence-powered honeypots to trick cybercriminals into revealing their attack strategies, demonstrating a promising new approach to threat intelligence gathering. The innovative technique uses large language models (LLMs) to create convincing fake systems that lure…

Read more →

Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for…

Read more →

The Atomic macOS Stealer (AMOS), a notorious infostealer malware targeting Apple’s macOS ecosystem, has undergone a significant upgrade by incorporating a sophisticated backdoor mechanism that facilitates persistent access and remote command execution on infected systems. This enhancement, detailed in a…

Read more →

Palo Alto Networks’ Unit 42, the cybercrime group tracked as Muddled Libra also known as Scattered Spider or UNC3944 has demonstrated remarkable resilience and adaptation in 2025, following international law enforcement disruptions in late 2024. Despite federal charges against five…

Read more →

Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on…

Read more →

Tea, a women-only dating safety app that allows users to review and share information about men they’ve dated anonymously, has suffered a significant data breach that exposed approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted…

Read more →

Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of financial data and customer information. The allegations surfaced on underground forums where threat actors are allegedly offering access to…

Read more →

A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged…

Read more →

Unidentified hackers have successfully compromised a critical intelligence website operated by the National Reconnaissance Office, marking a significant security breach affecting the CIA and multiple government agencies. The attack targeted the Acquisition Research Center website, which serves as a crucial…

Read more →

A significant data breach has exposed sensitive information about users of Leakzone, a prominent dark web forum known for trading hacking tools and compromised accounts. Security firm UpGuard discovered an unprotected Elasticsearch database containing approximately 22 million web request records,…

Read more →

A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential extraction from 19 different web browsers, including popular ones like Google Chrome, Microsoft Edge, Opera, Brave, and Yandex, as well…

Read more →

A critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model that could allow remote attackers to gain complete administrative control over affected devices. The vulnerability, designated as CVE-2025-7742, represents a significant authentication bypass flaw that poses…

Read more →

FortiGuard Labs has identified a critical new exploit chain dubbed “ToolShell” that is actively being used by multiple threat actors to target on-premises Microsoft SharePoint servers. This sophisticated attack combines two previously patched vulnerabilities with two fresh zero-day variants to…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →

Salesforce has disclosed a series of critical security vulnerabilities in its Tableau Server platform that could allow attackers to execute remote code and gain unauthorized access to production databases. The vulnerabilities, announced on June 26, 2025, affect multiple versions of…

Read more →