The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The flaw arises from Git’s inconsistent handling…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated…
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats…
Users of WhatsApp Desktop on Windows Face Code Execution Risk Via Python
A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s machine with a single…
Maryland Transportation Systems Disrupted Following Cyberattack
Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scramble containment efforts. While most core services remain operational, significant…
X/Twitter Found to Be Most Aggressive Social Media App in Tracking User Location Data
A comprehensive study examining the location data practices of the top 10 social media platforms has uncovered concerning patterns of user tracking that extend far beyond what most users realize. The research, which analyzed App Store disclosures from major platforms…
French Retailer Auchan Hit by Cyberattack, Customer Data Compromised
French retail giant Auchan announced on August 21 that it fell victim to a cyberattack that resulted in the theft of loyalty account information belonging to several hundred thousand customers. The company revealed in an official statement that attackers accessed personal data such as…
Hackers Scan Over 1,000 IPs to Target Microsoft Remote Desktop Web Access
A sophisticated scanning campaign has escalated dramatically, with threat intelligence firm GreyNoise detecting over 30,000 unique IP addresses simultaneously probing Microsoft Remote Desktop Protocol (RDP) services on August 24, 2024. This represents a significant expansion from an initial wave of nearly 2,000…
CISA Issues Alert on Citrix Flaws Actively Exploited by Hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025. The alert highlights active exploitation of two serious Citrix Session Recording…
ThreatActors Leverage Google Classroom to Target 13,500 Organizations
Google Classroom, a popular educational platform, has been exploited by threat actors to launch a major phishing campaign in a complex operation discovered by Check Point researchers. Over a single week from August 6 to August 12, 2025, attackers disseminated…
New Stealthy Malware Hijacking Cisco, TP-Link, and Other Routers for Remote Control
FortiGuard Labs has uncovered a sophisticated malware campaign targeting critical infrastructure devices from multiple vendors, with the “Gayfemboy” malware strain demonstrating advanced evasion techniques and multi-platform capabilities. The campaign affects organizations globally, exploiting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco…
Beware! Google Ads Promote Fake Tesla Websites Soliciting Fraudulent Deposits
Scammers are using Google Ads to pose as Tesla in an elaborate cybercrime campaign that aims to obtain illicit preorders for the company’s unreleased Optimus humanoid robot and other items. These deceptive sponsored listings appear prominently in search results for…
Hackers Disrupt Iranian Ships via Maritime Communication Terminals Exploiting MySQL Database
The National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL), two sanctioned companies, are the operators of 64 boats, 39 tankers, and 25 cargo ships that were compromised in a targeted attack on Iran’s maritime infrastructure…
Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages. This operation, which mimics legitimate video downloading services, tricks users into installing malicious executables disguised as…
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking…
Chinese APT Leverages Proxy and VPN Services to Obfuscate Infrastructure
A significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent…
Multiple vtenext Flaws Allow Attackers to Bypass Authentication and Run Remote Code
Security researcher Mattia “0xbro” Brollo disclosed a trio of severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that enable unauthenticated attackers to completely bypass login controls and execute arbitrary code on affected installations. Although vtenext quietly patched one of…
New Android Spyware Masquerading as Antivirus Targets Business Executives
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution.…
Hackers Use AI-Generated Summaries to Deliver Ransomware Payloads
Cybercriminals have unveiled a novel variation of the ClickFix social engineering technique that weaponizes AI-powered summarization tools to stealthily distribute ransomware instructions. By leveraging invisible prompt injection and a “prompt overdose” strategy, attackers embed malicious directives within hidden HTML elements…
Attaxion Releases Agentless Traffic Monitoring for Immediate Risk Prioritization
Dover, DE, United States, August 25th, 2025, CyberNewsWire Attaxion announces the addition of the Agentless Traffic Monitoring capability to its exposure management platform. Agentless Traffic Monitoring is a new capability designed to give cybersecurity teams actionable visibility into network traffic flowing to and…