Microsoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on their devices, bypassing traditional automated security defenses. Observed since early 2024, this tactic has targeted…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Anatsa Malware Escalates: Android Under Siege as Hackers Harvest Credentials and Track Keystrokes
The Zscaler ThreatLabz team has uncovered significant advancements in the Anatsa malware, also known as TeaBot, an Android banking trojan that has been active since 2020. Originally designed for credential theft, keylogging, and facilitating fraudulent transactions, Anatsa has evolved into…
Microsoft to Restrict Use of OnMicrosoft Domains for Email Sending
Microsoft has announced significant restrictions on the use of default onmicrosoft.com domains for email communication, implementing new throttling measures to combat spam and improve email deliverability across its Microsoft 365 platform. Policy Changes Target Spam Prevention: The technology giant will…
CISA Warns of Actively Exploited 0-Day Vulnerability in Apple iOS, iPadOS, and macOS
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability affecting Apple iOS, iPadOS, and macOS systems that is being actively exploited in the wild. CVE-2025-43300, an out-of-bounds write vulnerability in Apple’s Image…
Rogue Go Module Doubles as Fast SSH Brute-Forcer, Sends Stolen Passwords via Telegram
Socket’s Threat Research Team has uncovered a deceptive Go module named golang-random-ip-ssh-bruteforce, which masquerades as an efficient SSH brute-forcing tool but secretly exfiltrates stolen credentials to its creator. Published on June 24, 2022, this package remains active on the Go…
AI Systems Capable of Generating Working Exploits for CVEs in Just 10–15 Minutes
Cybersecurity researchers have developed an artificial intelligence system capable of automatically generating working exploits for published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit, fundamentally challenging the traditional security response timeline that defenders rely…
Hackers Target Phones of Military-Linked Individuals in South Asia Using New Spy Tools
Cyber threat actors have launched sophisticated phishing operations aimed at military and government personnel in South Asia, leveraging defense-related lures to distribute malicious archives and applications. Recent detections include ZIP files like “Coordination of the Chief of Army Staff’s Visit…
Stealth Threat Unpacked: Weaponized RAR Files Deliver VShell Backdoor on Linux Systems
Trellix Advanced Research Center has exposed an infection chain that weaponises nothing more than a filename to compromise Linux hosts. A spam message masquerading as a beauty-product survey offers a small reward and carries a RAR archive, yy.rar. When unpacked,…
Malicious PDFs in Play: UAC-0057 Leveraging Invitations to Trigger Shell Script Attacks
The Belarusian-affiliated threat actor UAC-0057, also known as UNC1151, FrostyNeighbor, or Ghostwriter, has been using weaponized archives containing phony PDFs that pose as official invitations and documents to target organizations in Poland and Ukraine in a sophisticated cyber…
Colt Confirms Ransomware Attack Resulted in Customer Data Theft
Industrial technology company Colt has confirmed that a recent ransomware attack on its business support systems resulted in the theft of customer data, marking the latest in a series of high-profile cybersecurity incidents affecting critical infrastructure providers. The company disclosed…
Azure Default API Connection Flaw Enables Full Cross-Tenant Compromise
A critical security vulnerability in Microsoft Azure’s API Connection architecture has been discovered that could allow attackers to completely compromise resources across different tenant environments, potentially exposing sensitive data stored in Key Vaults, Azure SQL databases, and third-party services like…
NIST Releases New Control Overlays to Manage Cybersecurity Risks in AI Systems
The National Institute of Standards and Technology (NIST) has unveiled a comprehensive initiative to address the growing cybersecurity challenges associated with artificial intelligence systems through the release of a new concept paper and proposed action plan for developing NIST SP…
14 Million-Download SHA JavaScript Library Exposes Users to Hash Manipulation Attacks
A critical security vulnerability has been discovered in the widely-used sha.js npm package, exposing millions of applications to sophisticated hash manipulation attacks that could compromise cryptographic operations and enable unauthorized access to sensitive systems. The vulnerability, designated CVE-2025-9288, affects all…
Windows Docker Desktop Vulnerability Allows Full Host Compromise
A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3…
New HTTP Smuggling Technique Allows Hackers to Inject Malicious Requests
Cybersecurity researchers have uncovered a sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This newly discovered technique leverages malformed chunk extensions to bypass security controls and inject unauthorized requests into…
ChatGPT-5 Downgrade Attack Allows Hackers to Evade AI Defenses With Minimal Prompts
Security researchers from Adversa AI have uncovered a critical vulnerability in ChatGPT-5 and other major AI systems that allows attackers to bypass safety measures using simple prompt modifications. The newly discovered attack, dubbed PROMISQROUTE, exploits AI routing mechanisms that major…
Threat Actors Exploiting Victims’ Machines for Bandwidth Monetization
Cybersecurity researchers have uncovered an ongoing campaign where threat actors exploit the critical CVE-2024-36401 vulnerability in GeoServer, a geospatial database, to remotely execute code and monetize victims’ bandwidth. This remote code execution flaw, rated at a CVSS score of 9.8,…
Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data
Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the ever-changing field of cybersecurity threats. Unlike traditional phishing, which relies on clickable links or deceptive…
AI Website Generators Repurposed by Adversaries for Malware Campaigns
Adversaries are using AI-powered website builders to speed up the development of harmful infrastructure in a quickly changing threat landscape, thereby lowering the entry barriers for malware distribution and credential phishing. Platforms like Lovable, which enable users to generate fully functional…
Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft
The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid-2025, involves sending crafted HTTP POST requests to upload…