Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller—cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172). Authentication Bypass (CVE-2025-2171)…

Read more →

A groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety mechanisms of today’s most advanced large language models (LLMs). Unlike traditional jailbreaks that rely on…

Read more →

A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction.…

Read more →

Google has revealed a thorough protection technique aimed at indirect prompt injection attacks, a subtle but powerful threat, marking a major advancement in cybersecurity in the age of generative AI. Unlike direct prompt injections, where malicious commands are overtly inserted…

Read more →

The national team for responding to cyber incidents, CERT-UA, has exposed a sophisticated cyberattack targeting the information and communication system (ICS) of a central executive body in March-April 2024. During the implementation of response measures, a technical device running a…

Read more →

APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments…

Read more →

When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has…

Read more →

Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called “Shadow Vector” is actively targeting Colombian users using malicious Scalable Vector Graphics (SVG) files, a novel attack vector. Disguised as urgent court notifications, these SVG files…

Read more →

McLaren Health Care, a prominent healthcare provider based at One McLaren Parkway, Grand Blanc, MI, has disclosed a data breach that compromised the personal information of 743,131 individuals, including 25 residents of Maine. The breach, identified as an external system…

Read more →

A sophisticated spyware campaign, dubbed SparkKitty, has emerged as a significant threat to both iOS and Android users, infiltrating even the official app stores like Google Play and the App Store. First detected in connection with the earlier SparkCat campaign…

Read more →

In an analysis by FS-ISAC and Akamai, the financial services sector has emerged as the primary target of Distributed Denial of Service (DDoS) attacks, with a dramatic surge in both the frequency and volume of malicious traffic. These attacks, designed…

Read more →

Cybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell…

Read more →

A critical security vulnerability, tracked as CVE-2025-49825, has been discovered in Teleport, a widely used open-source platform for secure access to servers, cloud applications, and infrastructure. This flaw enables remote attackers to bypass authentication controls, potentially granting unauthorized access to…

Read more →

The notorious Confucius hacking organization, first exposed by foreign security vendors in 2016, continues to pose a significant threat to government and military entities across South and East Asia. With attack activities dating back to 2013, this group has recently…

Read more →

The Field Effect Analysis team has uncovered a targeted social engineering campaign orchestrated by the North Korean state-sponsored threat actor BlueNoroff, a financially motivated subgroup of the notorious Lazarus Group. A Canadian online gambling provider fell victim to a meticulously…

Read more →

The highly anticipated IPFire 2.29 – Core Update 194 has officially landed, delivering a significant upgrade for users of the popular Linux-based firewall. This release stands out for its much-awaited native support for the WireGuard VPN protocol, alongside a suite…

Read more →

The National Cyber Security Centre (NCSC) has sounded the alarm over a newly identified malware dubbed “UMBRELLA STAND,” specifically targeting internet-facing FortiGate 100D series firewalls manufactured by Fortinet. This medium-sophistication malware, believed to be deployed through security vulnerabilities, is designed…

Read more →

Microsoft has announced a significant upgrade to its Defender for Office 365 platform, introducing a new AI-powered capability designed to provide unprecedented clarity into why emails are classified as spam, phishing, or clean. This enhancement, powered by large language models…

Read more →

In a significant change for Windows 11 users, Microsoft has announced that, beginning with the June 2025 security update (KB5060842), system restore points in Windows 11 version 24H2 will now be retained for up to 60 days, down from the…

Read more →

Nucor Corporation, the largest steel producer and recycler in North America, has confirmed it suffered a significant cybersecurity breach that disrupted operations across multiple facilities and led to the theft of limited company data. The incident, first disclosed in a…

Read more →