Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into…

Read more →

The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portals. The campaign represents a significant escalation from the group’s August…

Read more →

Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose. Over the course of a single…

Read more →

An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft or ransomware extortion, this self-propagating malware is engineered for rapid spread, leveraging social trust and automation…

Read more →

A new toolkit named Impact Solutions has emerged on cybercrime forums, offering a comprehensive, user-friendly framework for crafting advanced phishing campaigns. By democratizing malware delivery, Impact Solutions empowers even low-skill threat actors to bypass both end users and conventional security…

Read more →

In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links,…

Read more →

Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets…

Read more →

A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware…

Read more →

Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch…

Read more →

Virtual Private Networks (VPNs) are trusted by millions to protect privacy, secure communications, and enable remote access on their mobile devices. But what if the very apps designed to safeguard your data are riddled with dangerous security flaws that expose…

Read more →

Signal, the popular end-to-end encrypted messaging platform, has announced a groundbreaking advancement in cryptographic security with the introduction of the Sparse Post Quantum Ratchet (SPQR). This innovative protocol represents a significant leap forward in protecting user communications against emerging quantum…

Read more →

The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated…

Read more →

NCC Group detailed a VMware Workstation guest-to-host escape achievable from a compromised VM via a logic flaw in virtual device handling that permits memory corruption and controlled code execution on the host process. The write-up shows a practical exploitation path…

Read more →

Microsoft Defender for Endpoint users, particularly those with Dell devices, are experiencing a widespread issue with false Basic Input/Output System (BIOS) security alerts due to a critical software bug. The problem, which surfaced on October 2, 2025, has prompted Microsoft…

Read more →

Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target process under debugger control and enforces…

Read more →

Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection and command injection to a security bypass that can lead to remote code execution.…

Read more →

A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials. The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in. How the Vulnerability Works…

Read more →

The Chrome team has released Chrome 141.0.7390.54/55 to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes, including 21 distinct vulnerabilities that span high, medium, and low severity. External…

Read more →

Splunk released security advisories addressing multiple vulnerabilities affecting various versions of Splunk Enterprise and Splunk Cloud Platform. The flaws range from cross-site scripting (XSS) vulnerabilities to access control bypasses, with CVSS scores ranging from 4.6 to 7.5. Critical Vulnerabilities Identified…

Read more →

Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts. The issue manifests as a persistent error message stating “Cannot start Microsoft Outlook. Cannot open the Outlook window. The set…

Read more →