Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cybercriminals are increasingly targeting MailChimp, a popular email marketing platform, through sophisticated phishing and social engineering attacks. Recent incidents reveal compromised accounts being used to exfiltrate subscriber lists, impersonate trusted brands, and launch secondary attacks. Attackers bypass multi-factor authentication (MFA)…

Read more →

Meta AI has announced its rollout across 41 European countries. This development marks a critical step in the company’s mission to make its intelligent and conversational AI assistant accessible to a wider audience. Since its launch in the U.S. in…

Read more →

Cloudflare has contributed to the open-sourcing of OPKSSH, a tool that integrates single sign-on (SSO) technologies like OpenID Connect (OIDC) into SSH protocols. This integration simplifies SSH access by leveraging OpenPubkey, which embeds public keys into the SSO tokens issued…

Read more →

Mozilla has released an urgent update for Firefox on Windows to address a critical vulnerability. This move comes after a similar exploit was identified in Google Chrome, highlighting the need for swift action to protect users. The latest update affects…

Read more →

Kuala Lumpur International Airport (KLIA), one of Southeast Asia’s busiest airports, was hit by a major cyberattack over the weekend. The incident, which paralyzed some operations, has raised significant concerns about the airport’s cybersecurity and the safety of travelers. Hackers…

Read more →

The Tor Project has swiftly released an emergency update for the Tor Browser, 14.0.8, which is exclusively available for Windows users and can be downloaded directly from the Tor Browser download page and the Tor distribution directory. This urgent update incorporates critical security…

Read more →

Resecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak Site (DLS) of Blacklock Ransomware, gaining unprecedented access to the group’s infrastructure. This breach, occurring during the winter of 2024-2025, allowed researchers to collect substantial intelligence…

Read more →

Classiscam, an automated scam-as-a-service operation, has been identified as a significant threat in Central Asia, leveraging sophisticated techniques to defraud users of online marketplaces and e-commerce platforms. This fraudulent scheme, highlighted in the High-Tech Crime Trends Report 2025, utilizes Telegram…

Read more →

A large-scale cyberattack has compromised approximately 150,000 legitimate websites by injecting malicious JavaScript to redirect visitors to Chinese-language gambling platforms. The campaign, first detected in February 2025 with 35,000 infected sites, has since expanded significantly, leveraging obfuscated scripts and iframe…

Read more →

A sophisticated phishing campaign targeting the hospitality industry has been uncovered, with threat actors impersonating Booking.com to gain access to hotel systems and customer data. Microsoft Threat Intelligence has attributed the ongoing attacks, which began in December 2024 and continued…

Read more →

ESET researchers have connections between the newly emerged ransomware-as-a-service (RaaS) group RansomHub and established ransomware gangs, including Play, Medusa, and BianLian. Emerging Threat Actor Connects Multiple Ransomware Operations The investigation centered on RansomHub’s custom EDR killer tool, EDRKillShifter, which has…

Read more →

ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and…

Read more →

A new ransomware strain, PlayBoy LOCKER, has been identified targeting Windows, NAS, and ESXi systems. First discovered in September 2024 as a Ransomware-as-a-Service (RaaS) offering, the malware later had its full source code put up for sale in November, potentially…

Read more →

A recent investigation by DomainTools Investigations (DTI) has uncovered a massive phishing infrastructure targeting defense and aerospace entities, particularly those linked to the conflict in Ukraine. This sophisticated campaign involves a network of mail servers supporting domains that mimic legitimate…

Read more →

A major cybersecurity incident has struck the New South Wales court system, as cybercrime detectives investigate a significant data breach affecting the Department of Communities and Justice (DCJ). The breach targeted the NSW Online Registry Website (ORW), a critical platform…

Read more →

Synology announced the discovery and resolution of a moderate-severity vulnerability in their Mail Server, which could allow remote authenticated attackers to tamper with non-sensitive system configurations. This issue, documented under CVE-2025-2848, highlights the importance of maintaining updated software to prevent…

Read more →

Cybersecurity researchers at Bitdefender have uncovered a significant evolution in the tactics of the RedCurl threat group, marking their first foray into ransomware deployment. This new strain, dubbed QWCrypt, specifically targets Hyper-V servers, showcasing a sophisticated and highly targeted approach…

Read more →

The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation…

Read more →

Cybersecurity threats continue to evolve, with malicious actors exploiting popular platforms like Google Ads to spread malware. Recently, a sophisticated campaign targeting DeepSeek users has been uncovered, highlighting the ongoing risks associated with sponsored search results. The Threat Landscape DeepSeek,…

Read more →

 The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN…

Read more →