Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Amazon’s cybersecurity team has successfully disrupted a sophisticated watering hole campaign orchestrated by APT29, a notorious hacking group linked to Russia’s Foreign Intelligence Service. The August 2025 operation represents the latest chapter in an ongoing cyber warfare battle between tech…

Read more →

WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised…

Read more →

A clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “국가정보연구회 소식지 (52호)” (National Intelligence Research Society Newsletter – Issue 52), alongside a malicious Windows shortcut (LNK) file named 국가정보연구회 소식지(52호).pdf.LNK. The attackers distribute both files…

Read more →

A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious…

Read more →

A recently uncovered vulnerability in the Visual Studio Code (VS Code) Marketplace has allowed malicious actors to hijack discontinued extension names and slip malware past unsuspecting developers. In June, ReversingLabs (RL) researchers discovered a new malicious extension, ahbanC.shiba, that bore…

Read more →

Virustotal today unveiled a powerful addition to its Code Insight suite: a dedicated API endpoint that accepts code snippets—either disassembled or decompiled—and returns succinct summaries and detailed descriptions tailored for malware analysts. Launched over two years after the debut of…

Read more →

On August 28, 2025, the Hikvision Security Response Center (HSRC) issued Security Advisory SN No. HSRC-202508-01, detailing three critical vulnerabilities affecting various HikCentral products. Collectively assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, these vulnerabilities range in severity from moderate to…

Read more →

A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through…

Read more →

In a significant data breach disclosed by TransUnion LLC, more than 4.4 million consumers had sensitive personal information compromised in late July 2025. The credit reporting agency, headquartered at 555 W. Adams Street in Chicago, Illinois, revealed the incident on…

Read more →

In a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams—long trusted as an internal messaging and collaboration tool—to deliver PowerShell-based malware and gain unauthorized remote access to Windows systems. By impersonating IT support personnel and leveraging social…

Read more →

Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months…

Read more →

DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by…

Read more →

A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the discovery of…

Read more →

A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the discovery of…

Read more →

A sophisticated campaign by the Silver Fox APT group that exploits a previously unknown vulnerable driver to bypass endpoint detection and response (EDR) and antivirus solutions on fully updated Windows 10 and 11 systems. Check Point Research (CPR) revealed on…

Read more →

When web application protection is no longer a million-dollar luxury, and when every developer can build their own security perimeter with just a few clicks—that is when cybersecurity truly fulfills its mission. As a penetration tester, I’ve used zero-days to…

Read more →

The State of Nevada became the target of a significant cyberattack which resulted in a substantial network security incident impacting government infrastructure across multiple agencies. According to an official communication from the Governor’s Technology Office, state officials rapidly identified the…

Read more →

Cisco has released urgent security updates to remediate a high-severity vulnerability in its Integrated Management Controller (IMC) virtual keyboard video monitor (vKVM) module that could allow unauthenticated, remote attackers to hijack sessions and redirect users to malicious websites. The flaw,…

Read more →

Cisco has released urgent security updates to remediate two medium-severity command injection vulnerabilities in its UCS Manager Software that could allow authenticated administrators to execute arbitrary commands and compromise system integrity. Disclosed on August 27, 2025, the advisory (cisco-sa-ucs-multi-cmdinj-E4Ukjyrz) affects…

Read more →

Researchers from the Counter Threat Unit (CTU) at Sophos uncovered a sophisticated intrusion where threat actors repurposed the legitimate open-source Velociraptor digital forensics and incident response (DFIR) tool to establish unauthorized remote access within targeted networks. Velociraptor, designed for endpoint…

Read more →