Arch Linux—the community-driven, lightweight distribution renowned for its rolling-release model—has confirmed that a distributed denial-of-service (DDoS) attack has been targeting its core infrastructure for over a week. Beginning on August 18, users worldwide have experienced intermittent outages and slowdowns on…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actors Exploit Windows Scheduled Tasks for Stealthy Persistence Without Additional Tools
Threat actors continue to use Scheduled Tasks and other built-in Windows features to create persistence in the ever-changing world of cybersecurity threats, frequently avoiding the need of external tools or complex zero-day exploits. As of 2025, despite advancements in attack…
Microsoft Confirms August 2025 Patch Slows Down Windows 11 24H2 and Windows 10
Microsoft has acknowledged that the August 2025 security update—KB5063878—can cause significant performance degradation on both Windows 11, version 24H2, and supported Windows 10 releases. The company’s Windows release health dashboard confirms reports of severe stuttering, lag, and choppy audio/video playback…
Hackers Abuse Python eval/exec Calls to Run Malicious Code
Threat actors are increasingly abusing native evaluation and execution functions to conceal and execute malicious payloads within innocent-looking packages on PyPI. Security researchers warn that while static analysis libraries such as hexora can detect many obfuscation techniques, attackers continue innovating ways to…
Unmasking KorPlug Malware: TTPs, Control Flow, and Exposed IOCs
As part of the ongoing analysis of the KorPlug malware family, this second installment focuses on the complex second-stage payload, expanding on earlier discoveries of DLL side-loading methods that use legitimate programs to execute code initially. The payload, a malicious…
Chinese Hacker Sentenced for Kill Switch Attack on Ohio Firm’s Global Network
A federal court has handed down a four-year prison term to a former software developer who sabotaged his employer’s global network with a custom “kill switch,” crippling operations and inflicting hundreds of thousands in losses. Davis Lu, 55, a Chinese…
New macOS Installer Boasts Lightning-Fast Data Theft, Marketed on Dark Web
A novel macOS infostealer malware, designated as Mac.c, has emerged as a formidable contender in the underground malware-as-a-service (MaaS) ecosystem. Developed openly by a threat actor operating under the pseudonym “mentalpositive,” Mac.c represents a streamlined derivative of the notorious Atomic…
Hackers Exploit SendGrid to Steal User Login Credentials in Latest Attack
Cybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional…
NIST Releases Lightweight Cryptography Standard for IoT Security
The National Institute of Standards and Technology (NIST) has formally published Special Publication 800-232, “Ascon-Based Lightweight Cryptography Standards for Constrained Devices,” establishing the first U.S. government benchmark for efficient cryptographic algorithms tailored to resource-constrained environments such as the Internet of…
Hackers Steal Windows Secrets and Credentials Undetected by EDR Detection
A cybersecurity researcher has unveiled a sophisticated new method for extracting Windows credentials and secrets that successfully evades detection by most Endpoint Detection and Response (EDR) solutions currently deployed in enterprise environments. The technique, dubbed “Silent Harvest,” leverages obscure Windows…
Happy Birthday Linux! 34 Years of Open-Source Power
August 25, 2025, marks the 34th anniversary of Linux, a project that began as a modest hobby and has grown into the bedrock of modern digital infrastructure. On this day in 1991, 21-year-old Finnish student Linus Torvalds posted to the…
Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents
Microsoft has disclosed a critical flaw in its Copilot agents’ governance framework that allows any authenticated user to access and interact with AI agents within an organization—bypassing intended policy controls and exposing sensitive operations to unauthorized actors. At the core…
PoC Exploit and Technical Analysis Published for Apple 0-Day RCE Vulnerability
A critical zero-click remote code execution vulnerability in Apple’s iOS has been disclosed with a working proof-of-concept exploit, marking another significant security flaw in the company’s image processing capabilities. The vulnerability, tracked as CVE-2025-43300, affects Apple’s implementation of JPEG Lossless Decompression…
Critical Tableau Server Flaws Allows Malicious File Uploads
Salesforce has addressed multiple critical security vulnerabilities in Tableau Server and Desktop that could enable attackers to upload malicious files and execute arbitrary code. The vulnerabilities, disclosed on August 22, 2025, were proactively identified during a security assessment and patched…
10 Best Endpoint Detection And Response (EDR) Companies in 2025
In 2025, the endpoint remains the primary battleground for cyber attackers, making the implementation of EDR solutions a critical necessity for robust cybersecurity defenses. Laptops, desktops, servers, mobile devices, and cloud workloads are critical entry points and data repositories, making…
10 Best Incident Response Companies To Handle Data Breaches in 2025
Data breaches, encompassing everything from unauthorized access and data exfiltration to ransomware-induced data destruction, pose severe threats to an organization’s financial stability, reputation, and customer trust. The immediate aftermath of a breach is a chaotic and high-stakes environment where every…
10 Best Endpoint Protection Solutions for MSP/MSSPs in 2025
Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) are the guardians of cybersecurity for a vast and diverse clientele. In 2025, their role is more critical than ever as businesses of all sizes face an increasingly sophisticated and…
10 Best Web Content Filtering Solutions 2025
In the modern digital landscape, web content filtering is a fundamental component of cybersecurity and network management. A web content filtering solution is a technology that controls and monitors the web pages, URLs, and IP addresses that users can access.…
10 Best Network Monitoring Tools in 2025
The digital landscape in 2025 is more complex than ever, with organizations relying on intricate hybrid, cloud, and on-premises networks to power their operations. Network monitoring tools have become indispensable for IT teams to maintain network health, security, and performance.…
Agentic AI vs SOAR: What’s the Real Difference?
By now, you’ve heard the hype. Agentic AI; self-directed and goal-oriented. Supposedly, the next big thing in security automation. If you’re working in a Security Operations Center (SOC), it might sound like déjà vu. Agentic AI brings autonomous, decision-making security agents…