Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A newly identified threat actor known as Water Curse has been linked to a sprawling campaign utilizing at least 76 GitHub accounts to distribute weaponized repositories packed with multistage malware. This financially motivated group leverages the inherent trust in open-source…

Read more →

A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent…

Read more →

Over 150,000 users across Google Play and the Apple App Store have fallen victim to a malicious SpyLoan application named “RapiPlata,” which was identified in February 2025 by advanced detection engines. This app, posing as a legitimate financial service primarily…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert following the discovery and active exploitation of a critical zero-click vulnerability in Apple’s ecosystem, tracked as CVE-2025-43200. This flaw, now patched, enabled attackers to compromise iOS, iPadOS,…

Read more →

Threat actors are increasingly exploiting legitimate channels to achieve privilege escalation, posing a severe risk to millions of devices worldwide. While conventional exploits remain a concern, a more insidious danger emerges from applications gaining excessive system access through mechanisms such…

Read more →

The eSentire’s Threat Response Unit (TRU) has uncovered a series of malicious campaigns throughout May 2025, where threat actors have been deploying the DeerStealer malware, also known as XFiles Spyware, using the HijackLoader malware loader. This sophisticated information stealer, peddled…

Read more →

A former intern at the UK’s intelligence agency GCHQ has been sentenced to seven and a half years in prison after admitting to smuggling top secret data out of a secure facility using his mobile phone, in a breach described…

Read more →

The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of the world’s most widely used open-source Java servlet containers.  These flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems…

Read more →

A critical security flaw in Langflow, a widely adopted Python-based AI prototyping framework, is being actively exploited by cybercriminals to deploy the rapidly evolving Flodrix botnet. Security researchers have confirmed that attackers are exploiting CVE-2025-3248, a remote code execution (RCE)…

Read more →

A sudden and highly coordinated wave of cyberattacks has struck Zyxel firewall and VPN devices worldwide, as hackers exploit a critical remote code execution (RCE) vulnerability tracked as CVE-2023-28771. The attacks, observed on June 16, 2025, leveraged UDP port 500—the…

Read more →

The Washington Post confirmed late last week that its email systems were targeted in a cyberattack, resulting in the compromise of several journalists’ email accounts. “The Wall Street Journal, which first reported the breach, said it was potentially the work…

Read more →

The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected this year, Katz Stealer combines aggressive data exfiltration with advanced system fingerprinting, stealthy persistence mechanisms, and evasive loader tactics. Distributed…

Read more →

The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python software. Uploaded by a user identified as “chimerai,” this package was designed to exploit unsuspecting…

Read more →

Cybersecurity enthusiast Xavier shed light on a sophisticated method of hiding malicious payloads within seemingly innocuous JPEG images. This discovery has sparked significant interest in the infosec community, as it highlights the growing complexity of cyber threats leveraging steganography the…

Read more →

A targeted cyberattack has struck The Washington Post, compromising the email accounts of several of its journalists and raising new concerns about the digital security of newsrooms worldwide. The breach, discovered late last week, prompted an immediate and sweeping response…

Read more →

In a major international law enforcement operation dubbed “Operation Deep Sentinel,” authorities have successfully dismantled the notorious darknet marketplace “Archetyp Market,” one of the world’s largest and longest-running illegal trading platforms. The takedown marks a significant victory in the ongoing…

Read more →

Zoomcar Holdings, Inc., the prominent car-sharing platform, has confirmed a significant data breach that has compromised the personal information of approximately 8.4 million users. The incident, which was first detected on June 9, 2025, was disclosed in a recent filing…

Read more →

The HP Threat Research team discovered a sophisticated malware campaign in Q1 2025 that targets vacation planners by imitating Booking.com using phony travel websites. As detailed in the latest HP Wolf Security Threat Insights Report, attackers are leveraging users’ “click…

Read more →

Calgary-based WestJet Airlines, Canada’s second-largest carrier, is grappling with the fallout from a significant cybersecurity incident that has disrupted access to its mobile app and internal systems. The breach, first detected on June 13, has led to intermittent outages and…

Read more →

The BERT ransomware group, first detected in April 2025 but active since mid-March, has expanded its reach from targeting Windows environments to launching sophisticated attacks on Linux machines as of May 2025. Initially spotted through phishing campaigns, BERT has evolved…

Read more →