Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

In today’s hyperconnected business environment, organizations are under constant threat from cybercriminals who exploit digital footprints, shadow IT, cloud misconfigurations, and external exposures. Digital footprint monitoring has become one of the most critical aspects of a cybersecurity strategy in 2025.…

Read more →

Google has introduced CodeMender, an AI-powered agent designed to automatically detect and patch security flaws in software. Announced on 6 October 2025 by Raluca Ada Popa and Four Flynn, CodeMender represents a major step toward leveraging artificial intelligence for proactive code…

Read more →

Cybercriminals are increasingly automating one of the most insidious social engineering exploits—forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-use phishing kit, lowering the…

Read more →

OpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim to ensuring artificial general intelligence benefits everyone. By setting clear rules and…

Read more →

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to…

Read more →

ClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents. This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links. Alongside…

Read more →

Security researchers have identified two significant vulnerabilities in Nagios Log Server that expose critical system information and allow unauthorized service manipulation. The vulnerabilities, tracked as CVE-2025-44823 and CVE-2025-44824, affect versions prior to 2024R1.3.2 and pose serious risks to enterprise monitoring…

Read more →

A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance…

Read more →

A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser,…

Read more →

Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation.…

Read more →

Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it…

Read more →

Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His…

Read more →

In an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based data loss prevention (DLP) measures were designed for attachments and downloads, but today’s risk landscape extends…

Read more →

In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked…

Read more →

Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase…

Read more →

In a sophisticated evolution of email-based attacks, adversaries have begun leveraging Cascading Style Sheets (CSS) to inject hidden “salt” — irrelevant content used to confuse detection systems — deep within HTML emails. Cisco Talos’s year-long monitoring (March 1, 2024 –…

Read more →

Brand protection has become a necessity for enterprises in 2025, with increasing risks of counterfeiting, phishing, domain abuse, fake social media accounts, and digital piracy. Businesses today must not only defend their intellectual property but also safeguard their digital presence…

Read more →

A critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on vulnerable systems. The vulnerability affects the popular open-source PBX platform that provides a web-based administration…

Read more →

CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS…

Read more →

Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of…

Read more →