Splunk has published a critical security advisory revealing that its Security Orchestration, Automation and Response (SOAR) platform was shipping vulnerable versions of more than a dozen popular open-source packages—some with publicly available exploits. Advisory SVD-2025-0712 confirms that Splunk SOAR versions…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows BitLocker Vulnerability Lets Attackers Bypass Security Protections
Microsoft has disclosed a significant security vulnerability in Windows BitLocker that allows attackers to bypass critical security protections through a physical attack vector. The vulnerability, designated as CVE-2025-48818, was officially disclosed on July 8, 2025, and affects the disk encryption…
Anatsa Android Banking Malware Targets Users in the U.S. and Canada via Google Play
A sophisticated new campaign involves the Anatsa Android banking trojan, marking its third major offensive against mobile banking customers in the United States and Canada. This latest operation demonstrates the malware’s evolving threat landscape and its operators’ persistent focus on…
International Criminal Court Hacked via Sophisticated Cyber Campaign
The International Criminal Court (ICC), the global tribunal responsible for prosecuting serious international crimes, was targeted by a sophisticated and highly focused cyberattack late last week. The Court confirmed that the incident, which marks the second such breach in…
DCRat Targets Windows Systems for Remote Control, Keylogging, Screen Capture, and Data Theft
A sophisticated email-based attack distributing a Remote Access Trojan (RAT) known as DCRat has been recently identified by the FortiMail IR team, specifically targeting organizations in Colombia. The campaign, impersonating a Colombian government entity, leverages advanced evasion techniques to compromise…
CISA Issues Alert on TeleMessage TM SGNL Flaws Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert after adding two newly discovered vulnerabilities in the TeleMessage TM SGNL messaging platform to its Known Exploited Vulnerabilities (KEV) Catalog. These flaws, CVE-2025-48927 and CVE-2025-48928, are confirmed…
Bots Now Account for 30% of Global Web Traffic, Surpassing Human Activity in Some Regions
The Internet, once dominated by human interaction, is undergoing a seismic shift as bots now constitute approximately 30% of global web traffic, according to recent Cloudflare Radar data. In certain regions, automated traffic even outpaces human activity, signaling a transformative…
FileFix Attack Exploits Windows Browser Loophole to Evade Mark-of-the-Web Security
A newly identified attack vector, dubbed the “FileFix Attack,” has surfaced, exploiting a subtle yet critical loophole in how modern browsers like Google Chrome and Microsoft Edge handle saved web content. This technique cunningly sidesteps the Windows Mark-of-the-Web (MOTW) security…
Australian Airline Qantas Hacked – Attackers Gained Access to Customers’ Personal Data
Qantas Airways, Australia’s flagship carrier, has confirmed a major cyberattack that compromised the personal data of up to six million customers, marking one of the largest data breaches in the country’s aviation history. The breach, discovered earlier this week, targeted…
Chinese Houken Group Exploits Ivanti CSA Zero-Days to Install Linux Rootkits
The French National Agency for the Security of Information Systems (ANSSI) has uncovered a sophisticated cyberattack campaign orchestrated by a threat group dubbed “Houken.” This group, suspected to be linked to the Chinese intrusion set UNC5174, exploited multiple zero-day vulnerabilities…
Nessus Vulnerabilities on Windows Enable Arbitrary System File Overwrites
A critical security vulnerability has been discovered and patched in Tenable’s Nessus vulnerability scanner for Windows, potentially allowing non-administrative users to overwrite any system file with SYSTEM-level privileges. This flaw, tracked as CVE-2025-36630, impacts all Nessus versions prior to 10.8.5…
Microsoft Intune Update Wipes Custom Security Baseline Tweaks – Admins Alerted
Microsoft has confirmed a significant issue affecting its Intune security baseline update process, causing concern among IT administrators worldwide. The problem, acknowledged by Microsoft in late June, results in custom security baseline configurations being lost when updating to a newer…
U.S. Treasury Sanctions Bulletproof Hosting Firm Fueling Ransomware Campaigns
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sweeping sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) provider, for its pivotal role in enabling global cybercrime, including ransomware attacks, data theft, and illicit drug…
Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical security flaw in the popular Forminator WordPress plugin has put more than 600,000 websites worldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent researchers. The vulnerability, tracked as CVE-2025-6463 and rated 8.8 (High) on the…
Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely
A newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector that could allow hackers to execute arbitrary code on developers’ machines—simply by luring them to…
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection
The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This…
New DEVMAN Ransomware by DragonForce Targets Windows 10 and 11 Users
A new ransomware variant, dubbed DEVMAN, has surfaced in the cyberthreat landscape, showcasing a complex lineage tied to the notorious DragonForce family. Built on a foundation of DragonForce and Conti codebases, DEVMAN introduces unique identifiers such as the .DEVMAN file…
Kimsuky Hackers Employ ClickFix Technique to Run Malicious Scripts on Victim Devices
The North Korean state-sponsored hacker collective Kimsuky has been found to use a deceptive technique called “ClickFix” to compromise victim machines in a number of concerning cyberattacks. First documented by Proofpoint in April 2024, ClickFix manipulates users into executing malicious…
Hacktivist Group Launches Attacks on 20+ Critical Sectors Amid Iran–Israel Conflict
A series of sophisticated cyberattacks targeting over 20 vital sectors in Israel and its allies has been launched by more than 80 hacktivist groups in a major escalation of cyberwarfare that parallels the ongoing Iran-Israel confrontation. Following Israel’s recent airstrikes…
Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools
The S2 Group Intelligence team has uncovered a Russian-origin malware known as Snake Keylogger, a stealer coded in .NET, leveraging legitimate Java utilities to bypass security tools. This operation, distributed via a Malware as a Service (MaaS) model, targets diverse…