The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarm over active exploitation of a critical privilege escalation vulnerability affecting Broadcom’s VMware Tools and VMware Aria Operations. Tracked as CVE-2025-41244, this 0-day flaw poses significant risk to organizations managing virtualized…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks
North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent…
Massive Great Firewall Leak Exposes 500GB of Censorship Data
In a historic breach of China’s censorship infrastructure, over 500 gigabytes of internal data were leaked from Chinese infrastructure firms associated with the Great Firewall (GFW) in September 2025. Researchers now estimate the full dump is closer to approximately 600…
New Agent-Aware Cloaking Technique Uses ChatGPT Atlas Browser to Feed Fake Content
Security researchers have uncovered a sophisticated attack vector that exploits how AI search tools and autonomous agents retrieve web content. The vulnerability, termed “agent-aware cloaking,” allows attackers to serve different webpage versions to AI crawlers like OpenAI’s Atlas, ChatGPT, and…
Malicious Multilingual ZIP Files Strike Banks and Government Offices
A sophisticated phishing campaign leveraging multilingual ZIP file lures has emerged across East and Southeast Asia, targeting government institutions and financial organizations with unprecedented coordination. Security researchers utilizing Hunt.io’s AttackCapture™ and HuntSQL™ datasets have uncovered an interconnected network of 28…
CISA Publishes New Guidance to Strengthen Microsoft Exchange Server Security
The Cybersecurity and Infrastructure Security Agency (CISA), working alongside the National Security Agency and international cybersecurity partners, has released a comprehensive security guidance document focused on hardening Microsoft Exchange servers against evolving threats. The Microsoft Exchange Server Security Best Practices…
Lampion Stealer Resurfaces with ClickFix Attack to Steal User Credentials Stealthily
A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operated continuously since at least June 2024 following its…
Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments
The cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security professionals, has become a weapon of choice for attackers seeking to…
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, called Brash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other…
Airstalk Malware: Multi-Threaded C2 Steals Windows Logins
Cybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, available in both PowerShell and .NET variants, has been linked…
NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details
A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilitate fraudulent transactions. What initially appeared as isolated incidents in…
Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz,…
New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines, even when previous Kerberos mitigations are in place.…
New Malware Infects WooCommerce Sites Through Fake Plugins to Steal Credit Card Data
A sophisticated malware campaign is actively targeting WordPress e-commerce websites using the WooCommerce plugin, according to recent findings from the Wordfence Threat Intelligence Team. The malware campaign, which employs advanced evasion techniques and multi-layered attack strategies, disguises itself as a…
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud…
Chrome 142 Update Patches 20 Security Flaws Enabling Code Execution
Google has released Chrome version 142 to the stable channel, addressing multiple critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, now rolling out to Windows, Mac, and Linux users, contains fixes for…
12 Malicious Extensions in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials
The VSCode extension marketplace has become a critical vulnerability in the software supply chain. Security researchers at HelixGuard Team recently discovered 12 malicious extensions operating within the Microsoft VSCode Marketplace and OpenVSX, with four remaining active despite their detection. These…
WordPress Plugin Vulnerability Lets Attackers Read Any Server File
A critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic subscriber-level access to read any file stored…
CISA Alerts on Active Exploitation of WSUS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding crucial information about identifying vulnerable…
PhantomRaven Attack Discovered in 126 Malicious npm Packages, Exceeding 86,000 Downloads
The global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub credentials, and CI/CD secrets…