A security flaw in Zabbix Agent and Agent2 for Windows has been discovered that could allow a local attacker to gain higher system privileges. The issue, tracked as CVE-2025-27237, stems from the way the agent loads its OpenSSL configuration file.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
TamperedChef Malware Disguised as PDF Editor Hijacks Browser Credentials and Opens Backdoors
A sophisticated malware campaign dubbed TamperedChef has successfully compromised European organizations by masquerading as a legitimate PDF editor application, according to new research from WithSecure’s Strategic Threat Intelligence & Research Group (STINGR). The campaign demonstrates how threat actors can leverage…
Integrate Gemini CLI into Your Kali Terminal to Speed Up Pentesting Tasks
With the release of Kali Linux 2025.3, penetration testers and security professionals gain access to an innovative AI-powered assistant, the Gemini Command-Line Interface (CLI). This open-source package brings Google’s Gemini AI directly into the terminal, offering natural language–driven automation for…
Technical Details and Exploit Released for Chrome Remote Code Execution Flaw
A remote code execution vulnerability affecting Google Chrome’s WebAssembly engine has been publicly disclosed, along with a fully functional exploit. The flaw, discovered and reported during TyphoonPWN 2025, involves a regression in the canonicalization logic for indexed reference types in…
Yurei Ransomware leverages SMB shares and removable drives to Encrypt Files
Targeting Windows systems, Yurei employs advanced file encryption and stealth techniques to maximize impact and minimize detection. Encrypted files are appended with the extension .Yurei, and victims receive a ransom note named _README_Yurei.txt with Tor-based contact channels. CYFIRMA has observed…
Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code
Cybercriminals have ramped up attacks on WordPress websites by stealthily modifying theme files to serve unauthorized third-party scripts. This campaign leverages subtle PHP injections in the active theme’s functions.php to fetch external code, effectively turning compromised sites into silent distributors…
Ransomware Gangs Exploit Remote Access Tools to Stay Hidden and Maintain Control
Modern ransomware operations have evolved far beyond simple opportunistic attacks into sophisticated, multi-stage campaigns that exploit legitimate Remote Access Tools (RATs) to maintain stealth and persistence while systematically dismantling organizational defenses. Ransomware is one of the most disruptive cyber threats,…
Redis Server Use-After-Free Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine. The vulnerability, tracked as CVE-2025-49844, affects all versions of Redis that…
Hackers Turn AWS X-Ray into Command-and-Control Platform
Red team researchers have unveiled XRayC2, a sophisticated command-and-control framework that weaponizes Amazon Web Services’ X-Ray distributed application tracing service to establish covert communication channels. This innovative technique demonstrates how attackers can abuse legitimate cloud monitoring infrastructure to bypass traditional…
QNAP NetBak Replicator Vulnerability Allow Malicious Code Execution
QNAP Systems has disclosed a critical security vulnerability in its NetBak Replicator software that could enable local attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-57714, stems from an unquoted search path element flaw that poses…
Asgard Malware Protector Reversed: Researchers Expose Its Antivirus Bypass Methods
SpyCloud Labs analysts have successfully reverse-engineered Asgard Protector, a sophisticated crypter tool prominently used to hide malicious payloads from antivirus detection systems. This crypter has gained particular notoriety for being the preferred choice among sellers of LummaC2, currently the most prevalent commodity…
PoC Published for Sudo Flaw Lets Attackers Escalate to Root
A proof-of-concept exploit has been released for CVE-2025-32463, a critical local privilege escalation vulnerability affecting the Sudo binary that allows attackers to gain root access on Linux systems. The flaw was discovered by security researcher Rich Mirch and has garnered…
PoC Released for Remotely Exploitable Oracle E-Business Suite 0-Day
Oracle has issued an urgent security alert for a critical zero-day vulnerability affecting Oracle E-Business Suite that allows remote code execution without authentication. The vulnerability, tracked as CVE-2025-61882, has now received public proof-of-concept detection capabilities from cybersecurity researcher rxerium. Illustration showing…
WARMCOOKIE Malware Operators Introduce Advanced Capabilities
The cybersecurity landscape continues to evolve as threat actors behind the WARMCOOKIE backdoor malware have significantly enhanced their capabilities, introducing new features and maintaining active development despite law enforcement disruptions. The latest WARMCOOKIE variants demonstrate the threat actors’ commitment to…
Top 10 Best End-to-End Threat Intelligence Companies in 2025
In 2025, businesses face growing challenges in securing their digital assets, networks, and sensitive data. The rise in sophisticated cyberattacks has made end-to-end threat intelligence solutions one of the most critical investments for enterprises, governments, and even mid-size companies. Threat…
Top 10 Best Supply Chain Risk Management Solutions in 2025
In today’s globalized world, managing supply chain risks has become a top priority for businesses. From cybersecurity threats and compliance issues to supplier sustainability and geopolitical instability, businesses face more complex risks than ever before. The right Supply Chain Risk…
New Android Spyware Targeting Users by Imitating Signal and ToTok Apps
ESET researchers have uncovered two sophisticated Android spyware campaigns that target users seeking secure communication platforms by impersonating popular messaging apps Signal and ToTok. These malicious operations appear to focus primarily on residents of the United Arab Emirates (UAE), utilizing…
DrayOS Router Flaw Allows Remote Code Execution by Attackers
A critical vulnerability affecting DrayOS routers could let unauthenticated attackers execute code remotely. Discovered on July 22 by Pierre-Yves Maes of ChapsVision, the flaw stems from the use of an uninitialized variable in the Web User Interface (WebUI). Crafting special…
Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT
In a recent wave of targeted phishing campaigns, the Cavalry Werewolf cluster has escalated its operations by impersonating government officials and deploying both FoalShell and StallionRAT malware. These tactics underscore the urgency of maintaining continuous cyber intelligence monitoring and implementing…
New XWorm V6 Variant Embeds Malicious Code into Trusted Windows Applications
In the constantly evolving world of cyber threats, staying informed is not just an advantage; it’s a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware, providing cybercriminals with a versatile toolkit for malicious activities.…