A security vulnerability has been discovered in WatchGuard Firebox devices that could allow attackers to bypass authentication mechanisms and gain unauthorized SSH access to affected systems. Tracked as CVE-2025-59396, this flaw poses a significant threat to organizations that rely on…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans, Maverick and Coyote, that are actively targeting Brazilian users through WhatsApp. The discovery came after investigating a suspicious file download incident flagged through the messaging platform, leading…
Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins
A sophisticated phishing campaign is currently targeting email users with deceptive security alert notifications that appear to originate from their own organization’s domain. The phishing emails are crafted to resemble legitimate security notifications from email delivery systems. These messages inform…
65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire organizations. Researchers examined 50 prominent AI…
Danabot Malware Reemerges with Version 669 After Operation Endgame
The notorious Danabot banking malware has made a comeback with the release of version 669, marking a significant return after nearly six months of silence following the coordinated law enforcement takedown known as Operation Endgame in May 2025. The resurgence…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in…
Lazarus Group Deploys Weaponized Documents Against Aerospace & Defense
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets. The threat actor has been actively conducting…
Hackers Exploit Triofox 0-Day to Deploy Malicious Payloads Using Anti-Virus Feature
Cybersecurity researchers from Mandiant Threat Defense have uncovered a critical zero-day vulnerability in Gladinet’s Triofox file-sharing platform that allowed attackers to bypass authentication and execute malicious code with system-level privileges. The vulnerability, tracked as CVE-2025-12480, was actively exploited by the threat…
OWASP Top 10 2025 Released: Major Revisions and Two New Security Classes Added
The Open Web Application Security Project (OWASP) has officially unveiled the eighth edition of its influential Top 10 security risks list for 2025, introducing significant changes that reflect the evolving landscape of application security threats. The update features two new…
Threat Report: xHunt Targets Microsoft Exchange and IIS with Custom Backdoors
The xHunt advanced persistent threat group continues to pose a significant cybersecurity risk through sophisticated attacks targeting Microsoft Exchange and IIS web servers with custom-built backdoors. This highly focused cyber-espionage operation has maintained persistent, multi-year campaigns primarily aimed at organizations…
Android Users Hit by Malware Disguised as Relaxation Programs
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware…
NuGet Supply-Chain Exploit Uses Timed Destructive Payloads Against ICS
A sophisticated supply chain attack has compromised critical industrial control systems through nine malicious NuGet packages designed to inject time-delayed destructive payloads into database operations and manufacturing environments. Socket’s Threat Research Team identified these weapons of code, published under the…
MAD-CAT “Meow” Tool Sparks Real-World Data Corruption Attacks
The infamous Meow attack, which has devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial simulation tool demonstrates how easily attackers can corrupt data across multiple database platforms simultaneously, highlighting a…
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE
A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks…
Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses
Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely. According to VIPRE’s Q3 2025 Email Threat Report, over 90% of phishing attacks specifically target these two dominant email…
HackGPT Launches as AI-Driven Penetration Testing Suite Using GPT-4 and Other Models
HackGPT Enterprise has officially launched as a production-ready, cloud-native AI-powered penetration testing platform designed specifically for enterprise security teams. Created by Yashab Alam, Founder and CEO of ZehraSec, the platform represents a significant advancement in automated security assessments by integrating…
Ransomware Operators Exploit RMM Tools to Deploy Medusa and DragonForce
Cybersecurity researchers at Zensec have exposed a sophisticated supply-chain attack campaign that weaponised trusted Remote Monitoring and Management (RMM) infrastructure to deploy ransomware across multiple UK organisations throughout early 2025. The investigation reveals how two prominent ransomware-as-a-service groups exploited critical…
Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation
A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote online gambling sites by hijacking the authority of legitimate…
Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case
An extract from “The Enemy Inside, the Paragon Case, Spies and Regime Methods in Giorgia Meloni’s Italy” by Francesco Cancellato, published by Rizzoli on November 11, 2025. This surveillance system continues to expand its reach into opposition figures and political…
Ex-Intel Employee Hid 18,000 Sensitive Documents Prior to Leaving the Company
Intel is pursuing legal action against a former software engineer who the company claims downloaded thousands of confidential files shortly after being fired in July. The incident highlights growing concerns about data security during workforce reductions and employee departures. The…