Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Active Exploits Detected Targeting Critical vBulletin Vulnerability

Two critical vulnerabilities—CVE-2025-48827 and CVE-2025-48828—have been assigned to vBulletin, the widely used PHP/MySQL forum software, following public disclosure and observed exploitation in the wild. The flaws, affecting vBulletin versions 5.0.0 through 6.0.3, enable unauthenticated attackers to achieve Remote Code Execution…

MITRE Releases Roadmap for Transition to Post-Quantum Cryptography

The nonprofit research organization MITRE has unveiled a comprehensive roadmap designed to guide organizations through the critical transition from current cryptographic standards to quantum-resistant algorithms. This strategic framework addresses the emerging threat posed by quantum computing capabilities to existing public-key…

New Linux Security Bugs Could Expose Password Hashes Across Millions of Devices

The Qualys Threat Research Unit (TRU) has disclosed two significant local information disclosure vulnerabilities—CVE-2025-5054 and CVE-2025-4598—impacting the core-dump handlers Apport and systemd-coredump on millions of Linux systems. These race-condition vulnerabilities could enable local attackers to extract highly sensitive data, including…

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script a legitimate development platform within Google’s ecosystem to host deceptive phishing pages. This attack, masquerading as an invoice email, exploits the inherent trust…

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed…

Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks

Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are…

New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps

Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only communication but also payments, business, and personal data exchange. However, their ubiquity and complexity make them prime targets for sophisticated cyberattacks. This article explores how a…

MICI NetFax Server Flaws Allow Attackers to Execute Remote Code

In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047—allow attackers to gain root-level access through a chain of authenticated attacks, with…

Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware

TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking pirated software, cybercriminals trick unsuspecting viewers into executing malicious PowerShell commands. These commands download dangerous…

Novel Malware Evades Detection by Skipping PE Header in Windows

Researchers have identified a sophisticated new strain of malware that bypasses traditional detection mechanisms by entirely omitting the Portable Executable (PE) header in Windows environments. This innovative evasion tactic represents a significant shift in how malicious software can infiltrate systems,…