The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
The Evolution of Chaos: Ransomware’s New Era of Speed and Intelligence
In 2025, the notorious Chaos ransomware has undergone a dramatic transformation, emerging with a sophisticated C++ variant that represents the most dangerous iteration to date. This marks the first time Chaos has departed from its traditional .NET foundation, introducing destructive…
Chinese Hackers Weaponize Nezha Tool to Run Commands on Web Servers
Security researchers have uncovered a sophisticated cyberattack campaign where Chinese threat actors are exploiting web applications using an innovative log poisoning technique to deploy web shells and subsequently weaponize Nezha, a legitimate server monitoring tool, for malicious command execution. Creative…
CrowdStrike Falcon Windows Sensor Flaw Could Let Attackers Execute Code and Delete Files
CrowdStrike has disclosed two critical vulnerabilities affecting its Falcon sensor for Windows that could enable attackers to delete arbitrary files and potentially compromise system stability. The cybersecurity company released patches for both security flaws in its latest sensor version 7.29,…
Top 10 Best Supply Chain Intelligence Security Companies in 2025
In 2025, securing global supply chains is one of the top priorities for enterprises seeking business continuity, data integrity, and resilience against threats. As cyber risks, fraud, and disruption increase across physical and digital networks, leaders must adopt robust intelligence…
Top 10 Best Fraud Prevention Companies in 2025
Fraud prevention has become one of the most important priorities for enterprises, financial institutions, and digital-first businesses in 2025. With rising cyber threats, account takeovers, synthetic identities, financial crimes, phishing, and social engineering attacks, the need for advanced fraud detection…
Top 10 Best Digital Footprint Monitoring Tools for Organizations in 2025
In today’s hyperconnected business environment, organizations are under constant threat from cybercriminals who exploit digital footprints, shadow IT, cloud misconfigurations, and external exposures. Digital footprint monitoring has become one of the most critical aspects of a cybersecurity strategy in 2025.…
Google Unveils CodeMender – An AI Agent That Automatically Fixes Vulnerable Code
Google has introduced CodeMender, an AI-powered agent designed to automatically detect and patch security flaws in software. Announced on 6 October 2025 by Raluca Ada Popa and Four Flynn, CodeMender represents a major step toward leveraging artificial intelligence for proactive code…
New Phishing Kit Automates ClickFix Attacks to Evade Security Defenses
Cybercriminals are increasingly automating one of the most insidious social engineering exploits—forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-use phishing kit, lowering the…
OpenAI Blocks ChatGPT Accounts Linked to Chinese Hackers Developing Malware
OpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim to ensuring artificial general intelligence benefits everyone. By setting clear rules and…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure
The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to…
ClamAV 1.5.0 Released with Enhanced MS Office and PDF File Verification
ClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents. This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links. Alongside…
Nagios Vulnerability Allows Users to Retrieve Cleartext Administrative API Keys
Security researchers have identified two significant vulnerabilities in Nagios Log Server that expose critical system information and allow unauthorized service manipulation. The vulnerabilities, tracked as CVE-2025-44823 and CVE-2025-44824, affect versions prior to 2024R1.3.2 and pose serious risks to enterprise monitoring…
Trinity of Chaos Leaks Data from 39 Companies — Google, Cisco Among Targets
A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance…
PoC Exploit Released for Critical Vulnerabilities in Lua Engine
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser,…
AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation.…
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it…
ASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled Data
Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His…
77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise Policies
In an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based data loss prevention (DLP) measures were designed for attachments and downloads, but today’s risk landscape extends…
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked…