The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks. Developers must update to react-router v7.5.2 immediately to…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New iOS Vulnerability Could Brick iPhones with Just One Line of Code
A security researcher has uncovered a critical vulnerability in iOS, Apple’s flagship mobile operating system. The flaw, CVE-2025-24091, which leverages the long-standing but little-known “Darwin notification” system, allows any app-including those confined by Apple’s usually strict sandbox restrictions push the…
Three IXON VPN Client Vulnerabilities Let Attackers Escalate Privileges
Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and Linux systems. The vulnerabilities, temporarily designated as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, affect the widely used…
Cybercriminals Selling Sophisticated HiddenMiner Malware on Dark Web Forums
Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on underground dark web forums, raising alarms within the cybersecurity community. The malware, a heavily modified Monero (XMR) cryptocurrency miner, attracts buyers due to its advanced stealth…
Cybersecurity Firm CEO Arrested for Planting Malware in Hospital Systems
Jeffrey Bowie, the CEO of a local cybersecurity firm, has been arrested for allegedly planting malware on computers at SSM St. Anthony Hospital. Bowie, who until recently touted himself as a leader in protecting businesses from cyber threats, now faces…
Building A Strong Compliance Framework: A CISO’s Guide To Meeting Regulatory Requirements
In the current digital landscape, Chief Information Security Officers (CISOs) are under mounting pressure to ensure their organizations meet a growing array of regulatory requirements while maintaining robust cybersecurity. The proliferation of regulations such as the General Data Protection Regulation…
How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture
Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional role of post-incident investigation to become an essential proactive defense mechanism. Organizations today face an ever-expanding threat landscape, with attackers employing increasingly sophisticated tactics to breach…
New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales
AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to promote unverified supplements and treatments. These synthetic “doctors” exploit public trust in the medical field, often directing users to purchase products with exaggerated or entirely…
Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models
Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass safety protocols and extract potentially dangerous content from multiple popular AI platforms. These “jailbreaks” affect services from industry leaders including OpenAI, Google, Microsoft, and Anthropic,…
Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware
The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers targeting global gaming communities. Documented in Flashpoint’s 2025 Global Threat Intelligence Report, this malware strain exploits gaming enthusiasts’ trust through socially engineered distribution channels, leveraging…
XDR, MDR, And EDR: Enhancing Your Penetration Testing Process With Advanced Threat Detection
In the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay ahead of increasingly sophisticated threats. One of the most effective ways to identify and mitigate vulnerabilities is through penetration testing, a proactive approach that simulates…
Compliance And Governance: What Every CISO Needs To Know About Data Protection Regulations
The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction of comprehensive data protection regulations across the globe. Chief Information Security Officers (CISOs) now find themselves at the intersection of technical security, regulatory compliance, and organizational…
How to Develop a Strong Security Culture – Advice for CISOs and CSOs
Developing a strong security culture is one of the most critical responsibilities for today’s CISOs (Chief Information Security Officers) and CSOs (Chief Security Officers). As cyber threats become more sophisticated and pervasive, technical defenses alone are insufficient. A resilient security…
North Korean APT Hackers Pose as Companies to Spread Malware to Job Seekers
Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the North Korean Advanced Persistent Threat (APT) group known as Contagious Interview, also referred to as Famous Chollima, a subgroup of the notorious Lazarus group. This state-sponsored…
Russian Hackers Attempt to Sabotage Digital Control Systems of Dutch Public Service
The Dutch Defense Ministry has revealed that critical infrastructure, democratic processes, and North Sea installations in the Netherlands have become focal points for Russian cyber operations. These attacks, identified as part of a coordinated strategy to destabilize social cohesion and…
Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users
Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or “smishing,” activity targeting unsuspecting users. Since the FBI’s initial warning in April 2024, over 91,500 root domains associated with smishing have been identified and blocked. However, the…
“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands
Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed “Power Parasites,” targeting prominent energy companies and major global brands across multiple sectors in 2024. This campaign, active primarily in Asian countries such as Bangladesh, Nepal, and…
DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs
Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce and Anubis ransomware operators in 2025. These groups are adapting to law enforcement pressures with novel affiliate models designed to maximize profits and expand their reach,…
WooCommerce Users Targeted by Fake Security Vulnerability Alerts
A concerning large-scale phishing campaign targeting WooCommerce users has been uncovered by the Patchstack securpity team, employing a highly sophisticated email and web-based phishing template to deceive website owners. The attackers behind this operation warn users of a fabricated “Unauthenticated…
Threat Actors Target Organizations in Thailand with Ransomware Attacks
Thailand is experiencing a significant escalation in ransomware attacks, with both state-sponsored advanced persistent threat (APT) groups and cybercriminal organizations zeroing in on key industries across the country. The surge is underpinned by Thailand’s position as a burgeoning financial hub…