The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chrome Extension Scam Exposed: Hackers Stealing Meta Accounts
A sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolving malicious Chrome extension campaign that…
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used…
Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari
A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser.…
Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers
Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and…
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian…
Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition,…
AsyncRAT Leverages Fileless Techniques to Bypass Detection
Fileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), through legitimate…
Meta Verified Scam Ads on Facebook Steal User Account Details
Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unlock Meta’s coveted…
Kikimora Announces Launch of Kikimora Agent: Accessible AI-Powered Cybersecurity Platform for SME Security
Sofia, Bulgaria, September 10th, 2025, CyberNewsWire: Kikimora, a cybersecurity specialist and a product developer, has announced the launch of Kikimora Agent, a new AI-powered platform providing accessible cybersecurity management, vulnerability detection, and asset monitoring for businesses, individuals, and students. Kikimora…
Apple CarPlay Vulnerability Allows Remote Code Execution to Gain Root Access
A newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the flaw resides within the AirPlay protocol implementation used…
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics…
Google Drive Desktop for Windows Flaw Lets Users Gain Full Access to Others’ Drives
Millions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for Windows promises secure and seamless syncing of files between local folders and the cloud. Yet…
Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Enables Admin Takeover
The Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with network access to seize full administrative privileges. This critical security oversight undermines fundamental defensive measures…
Critical Flaws in Microsoft Office Enable Remote Code Execution by Attackers
Microsoft has disclosed two serious security vulnerabilities in its Office suite that allow attackers to execute arbitrary code on affected systems. Both flaws were publicly released on September 9, 2025, and have been assigned CVE identifiers CVE-2025-54910 and CVE-2025-54906. These…
HackerOne Data Breach, Hackers Illegally Access Salesforce Environment
HackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach. The incident stemmed from an attack on the Drift application provided by Salesloft, which allowed unauthorized actors to gain entry…
Threat Actor’s Self-Deployment of EDR Exposes Their Tools and Workflows
In a twist of fate that underscores both the power and inherent transparency of endpoint detection and response (EDR) solutions. By investigating alerts generated through this deployment, the Huntress Security Operations Center (SOC) gained unprecedented insight into the adversary’s day-to-day…
Hackers Impersonate Google AppSheet in Latest Phishing Campaign
The cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious content from legitimate domains. This development…
Windows BitLocker Flaw Allows Privilege Escalation by Attackers
Microsoft has released a warning about two serious security flaws in Windows BitLocker that could allow attackers to gain elevated privileges on affected machines. These vulnerabilities, tracked as CVE-2025-54911 and CVE-2025-54912, were publicly disclosed on September 9, 2025. Both issues…
GONEPOSTAL Malware Exploits Outlook for Stealthy Command-and-Control
A sophisticated espionage campaign is leveraging a previously unknown malware strain dubbed GONEPOSTAL, attributed to the notorious Russian state-sponsored group KTA007, better known as Fancy Bear or APT28. The malware transforms Microsoft Outlook into a covert command and control channel, representing…