A critical security vulnerability has been identified in IBM i, potentially allowing attackers to escalate privileges and execute arbitrary code with administrator rights. The flaw, tracked as CVE-2025-36004, affects IBM Facsimile Support for i across multiple versions of the IBM…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Issues Alert on ControlID iDSecure Flaws Enabling Bypass Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding critical vulnerabilities in ControlID’s iDSecure On-premises software, a widely used vehicle control and access management platform. The alert, designated ICSA-25-175-05 and released on June 24, 2025, highlights…
MOVEit Transfer Systems Hit by Wave of Attacks Using Over 100 Unique IPs
A dramatic surge in scanning and exploitation activity targeting Progress Software’s MOVEit Transfer file-sharing platform has alarmed cybersecurity researchers and enterprise defenders worldwide. Over the past 90 days, threat intelligence firm GreyNoise has detected 682 unique IP addresses targeting MOVEit…
Authorities Arrest Five Operators Behind Infamous BreachForums Cybercrime Hub
In a sweeping crackdown that has sent shockwaves through the global cybercrime community, French authorities have arrested five key operators behind BreachForums, one of the world’s most notorious online marketplaces for stolen data. The arrests mark a significant victory for…
New Malware Discovered Using Prompt Injection to Manipulate AI Models in the Wild
Researchers have uncovered a new malware sample in the wild that employs a unique and unconventional evasion tactic: prompt injection aimed at manipulating AI models used in malware analysis. Dubbed “Skynet” by its creator, this malware, discovered in early June…
Beware of Weaponized Wedding Invite Scams Delivering SpyMax RAT to Android Devices
A sophisticated Android phishing campaign, aptly named “Wedding Invitation,” has emerged as a significant threat targeting mobile users across India. According to a detailed report from K7 Computing, this malicious operation leverages the guise of digital wedding invitations to deceive…
Multiple Brother Device Vulnerabilities Allow Attackers to Execute Arbitrary HTTP Requests
A zero-day research project has uncovered eight new vulnerabilities in multifunction printers (MFPs) and related devices from Brother Industries, Ltd., affecting a staggering 748 models across five major vendors, including Brother, FUJIFILM Business Innovation, Ricoh, Toshiba Tec Corporation, and Konica…
INTERPOL Cautions of Significant Increase in Cyber Attacks on Western and Eastern Africa
The INTERPOL 2025 Africa Cyberthreat Assessment Report has raised alarms over a dramatic surge in cybercrime across Africa, with Western and Eastern regions reporting that over 30% of all documented criminal activities are now cyber-related. Two-thirds of INTERPOL’s African member…
North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages
A new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversaries…
Threat Actors Distribute Compromised SonicWall SSL VPN NetExtender to Steal Sensitive Data
Threat actors were discovered disseminating a malicious, altered version of SonicWall’s SSL VPN NetExtender application in a complex cyberattack that was discovered through a partnership between SonicWall and Microsoft Threat Intelligence (MSTIC). NetExtender, a critical tool for remote users, facilitates…
Hacktivist Groups Target U.S. Companies and Military Domains in Retaliation for Iran Attacks
The United States has become a popular target for hacktivist groups in the escalating Israel-Iran conflict, following U.S. attacks on Iranian nuclear sites on June 21, 2025. Several pro-Iranian hacktivist collectives, including Mr Hamza, Team 313, Cyber Jihad, and Keymous+,…
Windows 11 Configuration Bug Freezes Update Scanning Process
A recently discovered bug in Windows 11 has caused significant frustration among users, as the operating system’s update scanning process can freeze unexpectedly, leaving systems unable to check for or install critical updates. Microsoft has officially acknowledged the issue and…
Firefox 140 Launches with Critical Code Execution Bug Fix – Update Now
Mozilla has officially released Firefox 140, marking a significant update that addresses multiple security vulnerabilities, including a critical code execution flaw. Users are strongly urged to update their browsers immediately to protect against potential exploits targeting these newly patched weaknesses.…
Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicious actors to disrupt connections by exploiting protocol inconsistencies. Attackers…
Chrome Releases Security Patch for 11 Code Execution Vulnerabilities
The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50…
Threat Actors Manipulate Search Results, Exploit ChatGPT and Luma AI Popularity to Deliver Malicious Payloads
Threat actors are leveraging the soaring popularity of AI tools like ChatGPT and Luma AI to distribute malware through deceptive websites. Zscaler ThreatLabz researchers have uncovered a network of malicious AI-themed sites, often hosted on platforms like WordPress, that exploit…
CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), has released a comprehensive guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.” Published in June 2025, this report underscores the critical need…
Akamai Reveals New Strategies for Defenders to Combat Cryptominer Attacks
Akamai has unveiled two proactive strategies to disrupt malicious cryptominer operations, as detailed in the final installment of their Cryptominers’ Anatomy blog series. These techniques exploit the inherent design of common mining topologies, focusing on the Stratum protocol and pool…
NetNerve: AI-Powered Tool for Deep PCAP Threat Detection
As cyber threats evolve in sophistication and volume, traditional packet capture (PCAP) analysis tools are struggling to keep pace. Enter NetNerve, an AI-powered platform designed to revolutionize how security professionals, researchers, and students analyze network traffic and detect threats hidden…
Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization
A critical security vulnerability (CVE-2025-4563) in Kubernetes allows nodes to bypass authorization checks for dynamic resource allocation, potentially enabling privilege escalation in affected clusters. The flaw resides in the NodeRestriction admission controller, which fails to validate resource claim statuses during…