Microsoft Edge has identified and mitigated a critical threat exploiting its Internet Explorer (IE) compatibility mode, closing off high-risk entry points and reinforcing security for both individual and enterprise users. Although the web has largely embraced modern standards, many enterprise…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
North Korean Hackers Target Developers with 338 Malicious Software Packages
North Korean threat actors have escalated their Contagious Interview campaign, deploying 338 malicious npm packages with over 50,000 downloads to target cryptocurrency and blockchain developers through sophisticated social engineering tactics. The state-sponsored operation represents a significant evolution in supply chain…
Happy DOM Flaw Allows Remote Code Execution Affecting 2.7 Million Users
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927, enables attackers to escape the virtual machine context and execute arbitrary code on affected systems,…
Microsoft Finally Resolves Persistent Windows 11 ‘Update and Shut Down’ Glitch
Microsoft has successfully addressed one of Windows 11’s most frustrating issues with its latest preview builds, finally fixing the notorious “update and shut down” glitch that has plagued users since the operating system’s 2021 launch. This persistent bug tricked countless…
WhatsApp Worm Targets Users with Banking Malware, Steals Login Information
Cybersecurity researchers have uncovered a sophisticated new campaign targeting WhatsApp users in Brazil with self-propagating malware designed to steal banking credentials and cryptocurrency exchange login information. The attack, first detected on September 29, 2025, represents a dangerous evolution in social…
Hackers Claim Massive Salesforce Breach: 1 Billion Records Stolen
A new cybercriminal conglomerate known as Scattered Lapsus$ Hunters has emerged as a significant threat to global organizations, claiming responsibility for massive data breaches targeting Salesforce customer tenants. The group, also referred to as SP1D3R HUNTERS or SLSH, has reportedly…
Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder
Spanish law enforcement recently dismantled an advanced AI-driven phishing network and arrested the mastermind developer known as “GoogleXcoder.” This operation marks a significant victory in the fight against banking credential theft in Spain. Cybercriminals Target Banks and Government Agencies Since…
Astaroth Banking Malware Exploits GitHub for Hosting Configuration Files
McAfee’s Threat Research team recently uncovered a sophisticated new Astaroth campaign that represents a significant evolution in malware infrastructure tactics. This latest variant has abandoned traditional command-and-control (C2) server dependencies in favor of leveraging GitHub repositories to host critical malware…
Oracle E-Business Suite Flaw Enables Remote Code Execution and Data Theft
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-61884, affects multiple versions of the…
SonicWall SSLVPN Targeted After Hackers Breach All Customer Firewall Backups
Cybersecurity researchers at Huntress have detected a widespread attack campaign targeting SonicWall SSL VPN devices across multiple customer environments, with over 100 accounts compromised since early October. The attacks appear coordinated and sophisticated, with threat actors rapidly authenticating into multiple…
Attackers Exploit Defender for Endpoint Cloud API to Bypass Authentication and Disrupt Incident Response
Microsoft Defender for Endpoint’s cloud communication can be abused to bypass authentication, intercept commands, and spoof results, allowing attackers to derail incident response and mislead analysts. Recent research shows that multiple backend endpoints accept requests without effectively validating tokens, enabling…
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages
Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across…
New Stealit Malware Exploits Node.js Extensions to Target Windows Systems
Security researchers have identified a new, active campaign of the Stealit malware that uses an experimental Node.js feature to infect Windows systems. According to a report from FortiGuard Labs, threat actors are leveraging Node.js’s Single Executable Application (SEA) functionality to…
Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands
Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial services customer’s environment when legitimate CiscoVPN logins coincided with anomalous WMI calls to multiple endpoints. Investigation…
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and…
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer…
LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code
LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of…
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in…
RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers
The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid patching and continuous monitoring. The first detected RondoDox intrusion on June 15, 2025, reused a…
Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they can trigger a…