Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cybersecurity firm Silent Push has exposed a colossal illegal Internet Protocol Television (IPTV) network, revealing a sophisticated piracy operation that has been active for years across more than 1,000 domains and over 10,000 unique IP addresses. The findings highlight the…

Read more →

Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with the ViewState mechanism in ASP.NET.…

Read more →

Security researchers revealed that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the widely used public DNS service run by Cloudflare and APNIC. These certificates, improperly issued by the Fina RDC 2020 certificate authority, could allow attackers…

Read more →

A highly sophisticated phishing campaign is targeting PayPal users with a deceptive email designed to grant scammers direct access to their accounts. The attack, which has been circulating for at least a month, uses a clever trick that bypasses traditional…

Read more →

Malicious actors have found a new way to slip harmful links into X’s promoted posts by tricking Grok, the platform’s AI assistant. Although X explicitly bans links in paid promotions to curb malvertising, scammers now harness Grok’s content amplification to…

Read more →

Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate…

Read more →

Russian state-sponsored hackers have developed a sophisticated new backdoor malware called “NotDoor” that specifically targets Microsoft Outlook users, enabling attackers to steal sensitive data and gain complete control over compromised systems. The NotDoor malware has been attributed to APT28, the…

Read more →

PagerDuty has confirmed that it experienced a data breach following a compromise of its Salesforce account. The company was first alerted to the issue by Salesloft on August 20, 2025, when Salesloft notified PagerDuty of a security problem in the…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious security hole in certain TP-Link devices. This flaw, tracked as CVE-2020-24363, allows an attacker on the same network to take control without needing a password.…

Read more →

A newly discovered vulnerability in the AI supply chain—termed Model Namespace Reuse—permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. By re-registering abandoned or…

Read more →

The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to delete event logs, erase backup-related data, and thwart recovery efforts. First sighted in May 2025, DireWolf has rapidly escalated its…

Read more →

More than 1,100 instances of Ollama—a popular framework for running large language models (LLMs) locally—were discovered directly accessible on the public internet, with approximately 20% actively hosting vulnerable models that could be exploited by unauthorized parties. Cisco Talos specialists made…

Read more →

A low-severity security issue in Apache DolphinScheduler has been addressed in the latest release. Identified as CVE-2024-43166 and classified under CWE-276: Incorrect Default Permissions, this vulnerability affects all DolphinScheduler versions prior to 3.2.2. Users are strongly advised to upgrade to…

Read more →

Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers…

Read more →

NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products. The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of privileges (EoP), and information disclosure. Customers…

Read more →

The U.S. District Court for the District of Columbia today imposed landmark remedies in the Justice Department’s monopolization case against Google, ordering the tech giant to share critical search data with competitors and outlawing exclusive distribution agreements for its flagship…

Read more →

A sophisticated backdoor, MystRodX, that exploits DNS and ICMP protocols to stealthily activate and exfiltrate data from compromised systems. Deployed via a dropper disguised as a Mirai variant, MystRodX remained undetected for over 20 months by hiding its activation logic…

Read more →

The BC-SECURITY team has released a major update to its flagship offensive security framework, Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations and adversary emulation for Red Teams and penetration testers worldwide. Enhanced Features Drive…

Read more →

An industrial-scale phishing campaign exploiting Google Cloud and Cloudflare infrastructure operated in plain sight for more than three years, targeting Fortune 500 companies and siphoning millions in potential revenue while evading detection. Deep Specter Research’s investigation reveals the depth of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a high-severity alert (ICSA-25-245-03) regarding a critical vulnerability in SunPower’s PVS6 solar inverter series that allows attackers on adjacent networks to gain complete control of the device. Rated 9.4 out of…

Read more →