McAfee’s Mobile Research Team has identified a sophisticated Android malware campaign primarily aimed at Hindi-speaking users in India, masquerading as legitimate financial applications from institutions like SBI Card, Axis Bank, and IndusInd Bank. This operation distributes malicious APKs through dynamically…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware
The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software development and IT sectors to infiltrate…
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow cybercriminals to execute cloud account takeover attacks and manipulate financial data systems. The vulnerability, found in Streamlit’s file upload feature,…
WAF Protections Bypassed via JS Injection and Parameter Pollution for XSS Attacks
Groundbreaking security research has revealed that parameter pollution techniques combined with JavaScript injection can bypass 70% of modern Web Application Firewalls (WAFs), raising serious concerns about the effectiveness of current web security defenses. Security researchers conducting autonomous penetration testing discovered…
LegalPwn Attack Tricks AI Tools Like ChatGPT and Gemini into Running Malicious Code
Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular language models into executing dangerous code. Cybersecurity firm Pangea has unveiled a sophisticated attack method called “LegalPwn” that embeds malicious…
Claude AI Flaws Let Attackers Execute Unauthorized Commands Using the Model Itself
Security researchers have discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to bypass security restrictions and execute unauthorized commands, with the AI assistant itself helping to facilitate these attacks. The vulnerabilities, designated CVE-2025-54794 and CVE-2025-54795, demonstrate how sophisticated…
Ransomware Hits Phone Repair & Insurance Firm, Causing Millions in Damage
Wilhelm Einhaus, a businessman from Bockum-Hövel, Germany, pioneered cell phone insurance services, establishing a robust network that integrated innovative offerings like a 24-hour repair and replacement program. His enterprise expanded rapidly, partnering with major telecommunications providers such as Deutsche Telekom…
Threat Actors Exploit AI to Scale Attacks and Target Autonomous Agents
Adversaries are using artificial intelligence (AI) to increase their operational efficiency in a fast-changing threat landscape. They are scaling attacks and focusing on autonomous AI agents that support contemporary enterprise ecosystems. According to frontline intelligence from CrowdStrike’s 2025 Threat Hunting…
CNCERT Accuses U.S. Intelligence of Cyberattacks on Chinese Military-Industrial Targets
China’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) has publicly accused U.S. intelligence agencies of orchestrating sophisticated cyberattacks against key military-industrial entities, building on the 2022 NSA breach at Northwestern Polytechnical University. The revelations detail two emblematic incidents…
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastructure. This operation, linked to Vietnamese-speaking cybercriminal…
Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with additional promotion occurring…
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169, sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy…
Surge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber Vulnerabilities
Researchers have discovered a continuous relationship between increases in threat actor activity and the eventual disclosure of new Common Vulnerabilities and Exposures (CVEs) in corporate edge technologies, according to a groundbreaking report published by GreyNoise, Inc. The study, spanning data…
FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks
FUJIFILM Business Innovation has disclosed a critical vulnerability affecting multiple printer models that could allow attackers to launch denial-of-service (DoS) attacks through specially crafted network packets. The vulnerability, tracked as CVE-2025-48499, affects the Internet Printing Protocol (IPP) and Line Printer…
Mozilla Issues Warning on Phishing Campaign Targeting Add-on Developer Accounts
Mozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Community team on…
Hackers Leverage AI to Craft Malicious NPM Package That Drains Crypto Wallets
Security researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer. This package, posing as a benign “NPM Registry Cache Manager” for license validation and registry optimization, embeds sophisticated mechanisms to…
Biggest-Ever Bitcoin Hack Uncovered: $3.5B Stolen in Silent Breach
A massive cryptocurrency theft that remained hidden for over four years has been uncovered, revealing what may be the largest Bitcoin hack in history. LuBian, once one of the world’s most prominent Bitcoin mining pools, lost approximately $3.5 billion in…
Researchers Use 0-Day to Exploit Google kernelCTF and Debian 12
Security researchers have uncovered and weaponized a critical Use-After-Free vulnerability (CVE-2025-38001) in the Linux network packet scheduler’s HFSC queuing discipline, successfully compromising Google kernelCTF instances—LTS, COS, and mitigation—and fully updated Debian 12. By ingeniously combining HFSC’s real-time scheduling mode, NETEM’s…
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Allegedly Leaked Online
Digital Rights Management (DRM) systems are essential for safeguarding premium streaming content against unauthorized access and piracy, with Microsoft’s PlayReady emerging as a cornerstone technology adopted by major platforms such as Netflix, Amazon Prime Video, and Disney+. PlayReady employs sophisticated…
ShadowSyndicate Infrastructure Used by Multiple Ransomware Groups Including Cl0p, LockBit and RansomHub
Cybersecurity researchers have uncovered significant overlaps between the attack infrastructure of ShadowSyndicate, also known as Infra Storm by Group-IB, and several prominent ransomware-as-a-service (RaaS) operations. Active since July 2022, ShadowSyndicate has been linked to high-profile RaaS brands such as AlphaV/BlackCat,…