Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been…

Read more →

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations. The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating…

Read more →

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers…

Read more →

The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers. By leveraging compromised legitimate WordPress websites, Gootloader’s operators manipulate Google search results to redirect users to a deceptive online message board. They link the malware to a simulated…

Read more →

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups. The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI…

Read more →

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack…

Read more →

Microsoft has announced the release of Windows 11 Insider Preview Build 27774 to the Canary Channel. This build comes packed with enhancements, including a significant new feature aimed at bolstering system security—Administrator Protection. The highlight of this update is the…

Read more →

In early January 2025, a new ransomware strain identified as Contacto surfaced, showcasing advanced techniques designed to bypass conventional security measures. This analysis provides insights into its operational mechanisms, particularly suited for professionals venturing into ransomware analysis. Operational Mechanisms Upon…

Read more →

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for 2025, providing essential insights for developers and security teams in the rapidly evolving Web3 environment. This document outlines the most pressing vulnerabilities found in smart contracts,…

Read more →

A ransomware attack has compelled UK Brit, a prominent British high school, to close its doors to students for two days, specifically Monday, January 20, and Tuesday, January 21, 2025. This decision follows an incident that occurred on Friday, January…

Read more →

A significant security vulnerability, designated as CVE-2024-13454, has been discovered in the OpenVPN Easy-RSA tool, specifically affecting versions from 3.0.5 to 3.2.0 that utilize OpenSSL 3. This flaw pertains to the incorrect encryption of password-protected Certificate Authority (CA) private keys…

Read more →

A serious code execution vulnerability in the TP-Link TL-WR940N router, identified as CVE-2024-54887, has become the focus of intense scrutiny following the release of a proof-of-concept (PoC) exploit. This vulnerability allows attackers to execute arbitrary code on the device remotely…

Read more →

Christian Brabandt, a prominent figure in the Vim community, announced the patching of a medium-severity segmentation fault vulnerability identified as CVE-2025-24014. The vulnerability, discovered in versions of Vim before 9.1.1043, could potentially be exploited during silent Ex mode operations, which are…

Read more →

Socket’s threat research team has identified a series of malicious npm packages specifically designed to steal private keys from Solana wallets. The implicated packages—@async-mutex/mutex, dexscreener, solana-transaction-toolkit, and solana-stable-web-huks—typosquat on popular libraries, appearing to serve legitimate functions while covertly executing malware.…

Read more →

Researchers uncovered several significant vulnerabilities within Azure DevOps, specifically focusing on potential Server-Side Request Forgery (SSRF) weaknesses. The findings highlight the importance of robust security measures in cloud-based development environments. During testing, the researcher aimed to identify any Service Connections…

Read more →

Large-scale DDoS attack commands sent from an IoT botnet’s C&C server targeting Japan and other countries since late 2024. These commands targeted various companies, which include major Japanese corporations and banks.  While a direct link cannot be confirmed, some targeted…

Read more →

Researchers have reported a series of sophisticated cyber attacks aimed at organizations in Chinese-speaking regions, including Hong Kong, Taiwan, and mainland China. These attacks employ a multi-stage loader known as PNGPlug to deliver a malware payload identified as ValleyRAT. The…

Read more →

Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms. One such success story involves a recent discovery made within the Red Bull bug bounty program, where a security researcher utilized ChatGPT to…

Read more →

Security researchers have uncovered a severe vulnerability in OpenAI’s ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service (DDoS) attacks. This loophole, characterized by a high severity CVSS score of 8.6, raises significant concerns…

Read more →

Apple has confirmed that popular apps developed by ByteDance Ltd., including TikTok, will no longer be available for download or updates in the United States. This decision, effective January 19, 2025, comes in response to the Protecting Americans from Foreign…

Read more →