The Everest hacking group has allegedly claimed responsibility for a major cyberattack on Nissan Motor Co., Ltd., one of Japan’s leading automotive manufacturers. According to threat intelligence reports observed on January 10, 2026, the cybercriminal organization claims to have exfiltrated…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical InputPlumber Flaw Enables UI Input Injection and Denial-of-Service
Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws, tracked as CVE-2025-66005 and CVE-2025-14338, affect InputPlumber versions…
Researchers Uncover 28 Unique IPs and 85 Domains Hosting Carding Markets
Between July and December 2025, cybersecurity firm Team Cymru conducted an extensive analysis of carding infrastructure, revealing a sophisticated network comprising 28 unique IP addresses and 85 domains that actively host illicit carding markets and forums. The research employed technical…
EDRStartupHinder: Blocks Antivirus & EDR at Windows 11 25H2 Startup (Defender Included)
A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys…
Critical zlib Flaw Let Attackers Can Trigger a Buffer Overflow via untgz
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname() function, where an unbounded strcpy() call copies…
New “Penguin” Platform Sells Pig-Butchering Kits, PII, and Stolen Accounts
The industrialization of pig butchering scams has reached a critical tipping point. A sprawling Pig Butchering-as-a-Service (PBaaS) economy has emerged across Southeast Asia, offering turnkey scam platforms, stolen identities, pre-registered SIM cards, mobile applications, payment infrastructure, and shell company formation services.…
Massive Instagram Data Breach Exposes Personal Details of 17.5 Million Users
A staggering cybersecurity incident has come to light, with 17.5 million Instagram users’ personal information exposed in a data breach advertised on dark web marketplaces. Cybersecurity firm Malwarebytes first alerted the public via X (formerly Twitter), confirming the leak’s severity…
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
Cybercriminals are leveraging reports of Venezuelan President Nicolás Maduro’s arrest on January 3, 2025, to distribute backdoor malware through a sophisticated social engineering campaign. Security researchers at Darktrace have uncovered a malicious operation that exploits this high-profile geopolitical event to…
OWASP CRS Vulnerability Enables Charset Validation Bypass
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CVE-2026-21876, the flaw affects CRS rule 922110 and can expose applications to cross-site scripting (XSS) and other…
Best Ways to Learn Everything About Investing in Bitcoin
Bitcoin is a digital asset and a payment system invented by Satoshi Nakamoto. Transactions are verified by network nodes through cryptography and recorded in a public dispersed ledger called a blockchain. Bitcoin is unique in that there is a finite…
xRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center (ASEC) has uncovered a dangerous distribution campaign targeting Windows users through Korean web hard services. Threat actors are leveraging xRAT (QuasarRAT) malware, disguising it as legitimate adult game content to deceive unsuspecting users into downloading and…
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
Arctic Wolf Labs has uncovered a new ransomware variant dubbed “Fog” striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid…
Microsoft Introduces Teams External Collaboration Administrator Role
Microsoft is expanding its administrative capabilities in Teams by introducing a new built-in role called Teams External Collaboration Administrator. This specialized RBAC role enables organizations to delegate external collaboration management without granting full Teams admin permissions. Rollout Timeline The new role will begin rolling…
Microsoft Mandates MFA for Microsoft 365 Admin Center Access
Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals. The enforcement will fully kick in on February 9, 2026, following a phased rollout that…
New “Ghost Tap” Attack Hijacks Android Phones to Drain Bank Accounts
Chinese threat actors are weaponizing NFC technology to steal funds from victims’ bank remotely accounts through sophisticated Android malware campaigns, with security researchers identifying at least $355,000 in fraudulent transactions from a single operation. Group-IB researchers have uncovered a sprawling…
ChatGPT Health: A New Secure Space for Trusted Health and Medical Conversations
ChatGPT Health is launching as a dedicated health-focused version of ChatGPT that combines personalized health data with stronger privacy and security controls to support not replace conversations with clinicians. The new experience isolates health chats, encrypts data with additional protections, and allows users to securely connect medical…
Cisco ISE Vulnerability Enables Access to Sensitive Data
Cisco has disclosed a new XML External Entity (XXE) vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow authenticated attackers with administrative access to read sensitive data from the underlying operating system.…
Trump Signals Possible Cyber Involvement in Caracas Power Loss During Maduro Extraction
President Donald Trump has strongly hinted that the United States used offensive cyber capabilities to help plunge Caracas into darkness during the operation to capture Venezuelan leader Nicolás Maduro an unusually public nod to U.S. cyber power. The blackout, which coincided with pre-dawn…
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access-code checks, and timebased execution barriers to evade both users and automated analysis. DocuSign-themed phishing…
New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys
In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access tokens. The technique, dubbed “ConsentFix”…