Cybersecurity researchers have uncovered a sophisticated attack campaign where hackers exploiting a critical Apache ActiveMQ vulnerability are taking the unusual step of patching the security flaw after gaining access to victim systems. The Red Canary Threat Intelligence team observed this…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Kubernetes Capsule Vulnerability Enables Attackers to Inject Arbitrary Labels
Security researchers have disclosed a critical vulnerability in Kubernetes Capsule v0.10.3 and earlier versions that allows authenticated tenant users to inject arbitrary labels into system namespaces, fundamentally breaking multi-tenant isolation. The vulnerability, tracked as CVE-2025-55205 with a CVSS score of 9.9, enables…
CodeRabbit RCE Flaw Gives Attackers Write Access to 1M Repositories
A critical remote code execution vulnerability in CodeRabbit, one of GitHub’s most popular AI-powered code review tools, could have allowed attackers to gain read and write access to over one million code repositories, including private ones, according to security researchers…
New Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login Credentials
Phishing causes the majority of events globally and remains the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneaky2FA…
New GodRAT Malware Uses Screensaver and Program Files to Target Organizations
Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and…
Chrome High-Severity Vulnerability Could Let Attackers Run Arbitrary Code
Google has released an emergency security update for Chrome to address a high-severity vulnerability that could potentially allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-9132, affects the V8 JavaScript engine and represents a critical…
Microsoft Teams “Couldn’t Connect” Issue After Sidebar Update Gets a Fix
Microsoft is actively rolling out a solution to address a widespread service disruption affecting Teams users globally, where the application displays a “couldn’t connect to this app” error message when attempting to launch either the desktop or web versions of…
McDonald’s Free Nuggets Hack Exposes Sensitive Customer Data
A security researcher has revealed multiple critical vulnerabilities in McDonald’s digital infrastructure that exposed sensitive customer data and allowed unauthorized access to internal corporate systems. The researcher discovered these flaws over several months, ultimately requiring an unconventional approach to report…
47,000 Individuals Affected by Data Breach, Reveals NY Business Council
The Business Council of New York State, Inc., a prominent commercial organization based in Albany, has disclosed a data breach impacting approximately 47,329 individuals. The breach, characterized as an external system intrusion commonly associated with sophisticated hacking techniques, occurred on…
New Research Exposes DPRK IT Workers’ Email Addresses and Recruitment Trends
New cybersecurity research has revealed important details about how DPRK-affiliated IT professionals, who fall under Microsoft’s “Jasper Sleet” threat actor group, operate. They take advantage of remote work opportunities in the Web3, blockchain, and cryptocurrency industries to obtain unauthorized access…
New Research Reveals Security Vulnerabilities Linked to Popular VPN Apps
Researchers have uncovered deceptive practices among major VPN providers, linking seemingly independent entities into three distinct “families” with combined Google Play Store downloads exceeding 700 million. By analyzing business filings, APK artifacts, and network communications, the team identified clusters of…
Mobile Phishers Target Brokerage Customers in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups specializing in advanced mobile phishing kits have evolved their operations beyond stealing payment card data for mobile wallet enrollment, now pivoting to exploit brokerage accounts in sophisticated ‘ramp and dump’ schemes. This shift, as detailed in recent research…
New ClickFix Attack Deploys Fake BBC News Page and Fake Cloudflare Verification to Deceive Users
Cybersecurity researchers have uncovered a novel ClickFix attack variant that impersonates trusted BBC news content while leveraging counterfeit Cloudflare Turnstile verification interfaces to coerce users into executing malicious PowerShell commands. This campaign, detailed in recent analyses from sources like Cybersecurity…
Weaponized Copyright Documents Used by Threat Actors to Target Key Employees with Noodlophile Stealer
The Noodlophile Stealer malware, initially uncovered in campaigns leveraging fake AI video generation platforms, has evolved into a targeted spear-phishing operation that weaponizes copyright infringement notices to infiltrate enterprises with substantial Facebook presences. This updated variant, active for over a…
Surge in Scans From Hacked Cisco, Linksys, and Araknis Routers
Cybersecurity researchers have identified a significant increase in malicious scanning activities originating from compromised consumer and enterprise networking equipment, with particular focus on Cisco, Linksys, and Araknis router models. The Shadowserver Foundation, a prominent threat intelligence organization, has reported observing…
SAP 0-Day Exploit Reportedly Leaked by ShinyHunters Hackers
A sophisticated exploit targeting critical SAP vulnerabilities has been publicly released by the notorious hacking group ShinyHunters, significantly escalating the threat landscape for enterprise SAP environments. The exploit, which chains together multiple zero-day vulnerabilities, was allegedly leaked through the “Scattered…
New Android Attack Targets Indian Users with Free Electricity Subsidy to Install Malware
A newly identified Android phishing campaign is aggressively targeting Indian users by masquerading as the legitimate PM Surya Ghar: Muft Bijli Yojana, a government initiative approved in February 2024 that offers subsidies for solar rooftop installations, covering up to 60%…
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP…
PyPI Blocks Expired Domain Access to Prevent Resurrection Attacks
The Python Package Index (PyPI) has implemented new security measures to protect against domain resurrection attacks, a sophisticated supply-chain threat where attackers purchase expired domains to hijack user accounts through password reset mechanisms. Since early June 2025, the platform has…
Microsoft Defender AI Can Detect Plaintext Credentials in Active Directory
Microsoft has unveiled a new AI-powered security capability that addresses one of cybersecurity’s most persistent vulnerabilities: plaintext credentials stored in Active Directory systems. The enhanced Microsoft Defender feature uses sophisticated artificial intelligence to detect exposed credentials with unprecedented precision, helping…