The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality, while the ransomware-as-a-service economy expanded at an unprecedented pace. According to ESET Research’s latest Threat Report,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and…
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce…
70,000+ MongoDB Servers Exposed After MongoBleed PoC Released
Over 74,000 MongoDB database servers remain vulnerable to a critical security flaw after proof-of-concept exploit code for the MongoBleed vulnerability became publicly available. The Shadowserver Foundation reports that 74,854 exposed MongoDB instances are running unpatched versions susceptible to CVE-2025-14847, representing…
EmEditor Website Breach Used to Spread Infostealer Malware
The popular text editor EmEditor fell victim to a sophisticated supply chain attack between December 19-22, 2025, in which attackers compromised the official website to distribute malware-laced installation packages. Emurasoft, Inc., the software’s developer, confirmed on December 23 that malicious…
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote…
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities, CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other…
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any authentication credentials. CVE ID…
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas 2025 holiday period. The campaign represents a sophisticated, multi-faceted initial access broker operation targeting Adobe ColdFusion…
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week. The desperate act failed spectacularly, with forensic experts recovering the…
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability…
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital protests or criminal schemes. The findings suggest that hacktivism has evolved into a repeatable, model-driven instrument…
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the…
Google Introduces Option to Change @gmail.com Email Addresses
For years, Google users have been stuck with the email addresses they created when they first signed up. If you picked an embarrassing username years ago or simply want a more professional handle, the only previous solution was to create…
Critical LangChain Vulnerability Allows Attackers to Steal Sensitive Secrets
A critical security vulnerability in LangChain, one of the world’s most widely deployed AI frameworks, enables attackers to extract environment variable secrets and, through a serialization injection flaw, potentially achieve code execution. The vulnerability, identified as CVE-2025-68664, affects the core…
Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls
A critical authentication bypass vulnerability in FortiGate devices enables threat actors to circumvent two-factor authentication (2FA) protections through case-sensitive username manipulation. The flaw, tracked as CVE-2020-12812, affects organizations with specific LDAP integration configurations and remains exploitable on unpatched systems. The…
M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens
A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web interface, enabling identity impersonation and unauthorized access to sensitive information. The flaw, tracked as CVE-2025-13008, was disclosed on December…
Israeli Organizations Targeted by AV-Themed Malicious Word and PDF Files
SEQRITE Labs’ Advanced Persistent Threat (APT) Team has uncovered a sophisticated campaign targeting Israeli organizations through weaponized Microsoft Word and PDF documents disguised as legitimate antivirus software. The operation, tracked as UNG0801 or “Operation IconCat,” exploits the trusted branding of…
NVIDIA Isaac Vulnerabilities Enable Remote Code Execution Attacks
NVIDIA released critical security updates for its Isaac Launchable platform on December 23, 2025, addressing three severe vulnerabilities that could allow unauthenticated attackers to execute arbitrary code remotely. All three flaws carry a maximum CVSS score of 9.8, placing them…
Microsoft Enhances BitLocker with Hardware Acceleration Support
Microsoft has officially announced a major upgrade to its encryption technology with the introduction of hardware-accelerated BitLocker. Revealed by Microsoft’s Rafal Sosnowski following the Ignite conference, this new feature is designed to solve performance bottlenecks that have plagued high-speed storage…