A recently discovered vulnerability in Docker Desktop for macOS is raising concerns in the developer and security communities. The flaw, which stems from the improper application of Registry Access Management (RAM) policies under certain conditions, could allow unauthorized access to potentially malicious…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service
PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of a critical vulnerability that could let attackers trigger denial-of-service (DoS) conditions by exploiting flawed DNS-over-HTTPS (DoH) exchanges. The flaw, tracked as CVE-2025-30194 (CVSS score: 7.5), affects DNSdist versions 1.9.0…
WhatsApp Unveils New AI Features While Ensuring Full Message Secrecy
WhatsApp, the world’s most popular messaging platform, has announced a major expansion of artificial intelligence (AI) capabilities, promising to enhance user experience while reinforcing its longstanding commitment to privacy and message secrecy. Meta, WhatsApp’s parent company, has integrated its generative…
Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi
A major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been unveiled, enabling an array of severe attack vectors. Most critically, these flaws allow zero-click “wormable” Remote Code Execution (RCE), meaning attackers can take over Apple and third-party…
Chrome 136 Fixes 20-Year-Old Privacy Bug in Latest Update
Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide. The update, set to be distributed over the coming days and weeks, addresses…
Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software
A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP-a trusted open-source Uyghur language text editor. This incident exemplifies the technical evolution of digital transnational repression and…
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of…
20.5 Million DDoS Barrage Shattered Records Leading Attack Fired Off 4.8 Billion Packets
Cloudflare’s latest DDoS Threat Report for the first quarter of 2025 reveals that the company mitigated a record-shattering 20.5 million Distributed Denial of Service (DDoS) attacks, marking a 358% surge year-over-year and a 198% increase quarter-over-quarter compared to the previous…
New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials
A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground, actively promoted since mid-March 2025 on platforms like the Telegram channel CoderSharp. Discovered by Unit 42 researchers at Palo Alto Networks, this malware, crafted in C#,…
Google Reports 75 Zero-Day Vulnerabilities Actively Exploited in the Wild
In a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022.…
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by…
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques…
GPUAF: Two Methods to Root Qualcomm-Based Android Phones
Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual…
Verizon 2025 Report Highlights Surge in Cyberattacks Through Third Parties
Verizon Business unveiled its 2025 Data Breach Investigations Report (DBIR) today, painting a stark picture of the escalating cyber threat landscape. Analyzing over 22,000 security incidents, including 12,195 confirmed data breaches, the report reveals a alarming 30% involvement of third…
Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight
According to the Center for Strategic & International Studies’ (CSIS) 2025 Space Threat Assessment, space systems’ susceptibility to cyberattacks has gained significant attention. With approximately 720 cyber incidents reported across sectors in 2024 by the European Repository of Cyber Incidents…
Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds
Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving…
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed
A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within…
Europol Launches Taskforce to Combat Violence-as-a-Service Networks
Europol has announced the launch of a powerful new Operational Taskforce (OTF), codenamed GRIMM, to confront the alarming rise of “violence-as-a-service” (VaaS) and the growing recruitment of young people by organised crime groups across Europe. Spearheaded by Sweden and joined by…
ResolverRAT Targets Healthcare and Pharmaceutical Sectors Through Sophisticated Phishing Attacks
A previously undocumented remote access trojan (RAT) named ResolverRAT has surfaced, specifically targeting healthcare and pharmaceutical organizations worldwide. First observed as recently as March 10, 2025, this malware distinguishes itself from related threats like Rhadamanthys and Lumma through its sophisticated…
JokerOTP Platform Linked to 28,000+ Phishing Attacks Dismantled
Law enforcement agencies from the UK and the Netherlands have dismantled the notorious JokerOTP cybercrime platform, which is allegedly linked to more than 28,000 phishing attacks across 13 countries. A 24-year-old man was apprehended this morning by Cleveland Police at…