In late August 2025, Cleafy’s Threat Intelligence team uncovered Klopatra, a new, highly sophisticated Android banking trojan and Remote Access Trojan (RAT) that grants attackers full control of compromised devices and facilitates large-scale financial fraud. Active campaigns in Spain and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Beer Maker Asahi Shuts Down Production Due to Cyberattack
Japanese beer and beverage giant Asahi Group Holdings has been forced to halt production at its domestic factories as a result of a cyberattack that struck on Monday. Asahi, known for its popular brands such as Asahi Super Dry Beer,…
Warning: Malicious AI Tools Being Distributed as Chrome Extensions by Threat Actors
Cybercriminals are exploiting the growing popularity of artificial intelligence tools by distributing malicious Chrome browser extensions that masquerade as legitimate AI services. These fake extensions, mimicking popular AI platforms like ChatGPT, Claude, Perplexity, and Meta’s Llama, are designed to hijack…
Hackers Actively Probe Palo Alto PAN-OS GlobalProtect Vulnerability for Exploitation
An uptick in internet-wide scanning activity indicates that threat actors are actively probing for systems vulnerable to CVE-2024-3400, a critical GlobalProtect flaw in Palo Alto Networks PAN-OS. Security researchers at SANS ISC observed a single source IP address 141.98.82.26, systematically targeting…
CISA Issues Alert on Actively Exploited Libraesva ESG Command Injection Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email Security Gateway (ESG). Cataloged as CVE-2025-59689, this command injection vulnerability has emerged as a significant…
CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix systems. This…
Researchers Publish Technical Analysis of Linux Sudo Privilege Escalation
A team of security researchers has released an in-depth technical report on CVE-2025-32463, a critical local privilege escalation flaw in the widely used Linux sudo utility. The vulnerability, which affects sudo versions 1.9.14 through 1.9.17, allows a local attacker with…
Threat Actors Exploiting MS-SQL Servers to Deploy XiebroC2 Framework
A surge in attacks targeting improperly managed MS-SQL servers, culminating in the deployment of the open-source XiebroC2 command-and-control (C2) framework. Similar in functionality to legitimate tools like Cobalt Strike, XiebroC2 offers capabilities for information gathering, remote control, and defense evasion,…
APT35 Hackers Targeting Government and Military to Steal Login Credentials
Stormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting operation, Stormshield’s Cyber Threat Intelligence (CTI) team discovered two malicious servers exhibiting hallmark characteristics of…
Malicious Code in Fake Postmark MCP Server Steals Thousands of Emails
A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line…
VMware Tools and Aria 0-Day Under Active Exploitation for Privilege Escalation
Organizations using VMware hypervisors face an urgent threat as a local privilege escalation zero-day, tracked as CVE-2025-41244, is under active exploitation in the wild. Both VMware Tools and VMware Aria Operations’ Service Discovery Management Pack (SDMP) are affected, enabling unprivileged users…
Apple Font Parser Vulnerability Allowing Memory Corruption Attacks
Apple has released a security update for macOS Sequoia 15.7.1 to address a serious vulnerability in its font parser. The flaw, tracked as CVE-2025-43400, allows a maliciously crafted font file to trigger an out-of-bounds write. Exploitation could cause unexpected application crashes…
Veeam RCE Exploit Allegedly Listed for Sale on Dark Web
A new dark web marketplace listing has sparked alarm in the cybersecurity community after a seller using the handle “SebastianPereiro” purportedly advertised a remote code execution (RCE) exploit targeting Veeam Backup & Replication platforms. The alleged exploit, marketed as the…
VMware vCenter and NSX Flaws Allow Hackers to Enumerate Usernames
Broadcom released VMSA-2025-0016 to address three key vulnerabilities affecting VMware vCenter Server and NSX products. The vulnerabilities include an SMTP header injection in vCenter (CVE-2025-41250) and two distinct username enumeration flaws in NSX (CVE-2025-41251 and CVE-2025-41252). All three are rated…
Hackers Distribute Malicious Microsoft Teams Build to Steal Remote Access
Cybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware. The campaign targets users searching for legitimate Microsoft Teams downloads…
Lunar Spider Infected Windows Machine in Single Click and Harvested Login Credentials
A sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months. The intrusion, which began in…
New Harrods Data Breach Leaks Personal Information of 430,000 Customers
Luxury department store Harrods has become the latest victim of a significant cybersecurity incident after hackers successfully accessed personal data belonging to 430,000 customers. The prestigious London retailer confirmed that threat actors contacted the company following the breach, though Harrods has stated it…
New Spear-Phishing Attack Deploys DarkCloud Malware to Steal Keystrokes and Credentials
Adversaries don’t work 9–5 and neither do we. At eSentire, our 24/7 SOCs are staffed with elite threat hunters and cyber analysts who hunt, investigate, contain and respond to threats within minutes. Backed by threat intelligence, tactical threat response and…
Jaguar Land Rover Confirms Gradual Restart of Operations Post-Cyberattack
Jaguar Land Rover (JLR) has announced the controlled resumption of manufacturing operations following a significant cyberattack that disrupted its production facilities. The British luxury automaker confirmed that some sections of its manufacturing operations will resume in the coming days as…
New TamperedChef Malware Exploits Productivity Tools to Access and Exfiltrate Sensitive Data
A sophisticated malware campaign dubbed “TamperedChef” is exploiting trojanized productivity tools—disguised as seemingly benign applications—to bypass security controls, establish persistence, and siphon sensitive information from targeted systems. On September 22, 2025, Field Effect researchers investigating a potentially unwanted application (PUA)…