A cutting-edge penetration testing tool called BruteForceAI has arrived, bringing automation and artificial intelligence to the art of login page detection and brute-force attacks. Designed for security professionals and researchers, BruteForceAI streamlines two critical stages of a login attack: finding login forms…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Disney to Pay $10 Million Over Children’s Data Privacy Violations
In a landmark settlement announced on September 2, 2025, The Walt Disney Company has agreed to pay a $10 million civil penalty to resolve allegations by the United States Department of Justice that its subsidiaries violated federal law by collecting…
Android Issues Security Update to Patch Actively Exploited 0-Day Flaws
Google has released a critical Android Security Bulletin for September 2025, addressing multiple high-severity vulnerabilities that are currently being actively exploited in the wild. The security patch level 2025-09-05 or later is required to protect Android devices from these serious threats. The security bulletin…
IIS WebDeploy RCE Vulnerability Gets Public PoC
A newly disclosed remote code execution (RCE) vulnerability in Microsoft’s IIS Web Deploy toolchain has captured industry attention after the release of a public proof-of-concept. Tracked as CVE-2025-53772, this flaw resides in the unsafe deserialization logic of the msdeployagentservice and…
Top 10 Best Identity and Access Management (IAM) Tools in 2025
The rise of hybrid workforces and multi-cloud environments has made Identity & Access Management (IAM) more critical than ever. In 2025, a robust IAM solution is the cornerstone of a Zero Trust security model, where no user, device, or application…
Stealthy Python Malware Uses Discord to Steal Windows Data
Inf0s3c Stealer, a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to…
Hackers Use Hexstrike-AI to Exploit Zero-Day Flaws in Just 10 Minutes
Within hours of its release, the newly unveiled framework Hexstrike-AI has emerged as a game-changer for cybercriminals, enabling them to scan, exploit and persist inside targets in under ten minutes. Originally touted as a powerful red-team tool, Hexstrike-AI rapidly morphed into an…
Hijacked by RapperBot: Devices Exploited for Instant DDoS Attacks
A newly uncovered variant of the notorious RapperBot malware is covertly commandeering internet-connected devices—particularly outdated network video recorders (NVRs)—and transforming them into a powerful distributed denial-of-service (DDoS) army in mere moments. Security researchers have detailed a sophisticated exploit chain that…
Jaguar Land Rover Confirms Cyberattack Disrupting Global IT Systems
Jaguar Land Rover (JLR), the UK’s leading luxury automotive manufacturer, has disclosed that it is the victim of a significant cyberattack affecting its global information technology infrastructure. In a statement released early Wednesday, JLR confirmed that an unauthorized intrusion forced…
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation,…
Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack
Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data…
Top 10 Best API Penetration Companies In 2025
Securing APIs is a critical cybersecurity challenge in 2025 as they are the backbone of modern applications and a prime target for attackers. API penetration testing is no longer an optional check; it’s a necessity for finding business logic flaws,…
ESPHome Vulnerability Allows Unauthorized Access to Smart Devices
A critical authentication bypass flaw in ESPHome’s ESP-IDF web server component allows unauthorized users on the same local network to access and control smart devices without any valid credentials. Discovered and reported by security researcher jesserockz, the vulnerability (CVE-2025-57808) undermines…
Palo Alto Networks Confirms Data Breach via Compromised Salesforce Instances
Cybersecurity vendor Palo Alto Networks disclosed that its Salesforce environment was breached through a compromised Salesloft Drift integration, marking the latest in a series of supply chain attacks targeting customer relationship management platforms. According to a statement from Palo Alto…
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document‐sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and…
Google Dismiss Reports of Major Gmail Security Alert
Google has firmly rejected widespread reports suggesting it issued a global security alert to its 2.5 billion Gmail users, calling such claims “entirely false”. The tech giant moved swiftly to clarify the situation after viral headlines sparked unnecessary panic among…
Mapping the Web of Commercial Spyware: Targets and Attack Chains
A comprehensive new report spanning 2010 to 2025 reveals the ever-evolving landscape of commercial spyware vendors (CSVs), exposing the methods these private firms employ to infiltrate devices, their typical targets, and the infection chains that deliver their covert implants. The…
Massive 11.5 Tbps UDP Flood DDoS Attack Originated From Google Cloud
Cloudflare disclosed that its automated defenses intercepted and neutralized a record-shattering Distributed Denial-of-Service (DDoS) assault peaking at 11.5 terabits per second (Tbps). The attack, characterized as a hyper-volumetric UDP flood, lasted just 35 seconds but set a new industry high…
Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments
A sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded…
Threat Hunting Guide Designed for SOC Analysts and MSSPs
Proactive threat hunting has become an essential discipline for Security Operations Center (SOC) analysts and Managed Security Service Providers (MSSPs). Traditional detection methods often miss novel or sophisticated adversarial techniques, making it critical for security teams to leverage advanced tools…