Apple has released a comprehensive set of security updates across its entire product ecosystem on July 29, 2025, addressing multiple vulnerabilities including a critical Safari flaw that was reportedly exploited in Chrome zero-day attacks. The updates span iOS, iPadOS, macOS,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft SharePoint Server 0-Day Exploit Targets African Treasury, Companies, and University
A sophisticated zero-day exploit campaign targeting unpatched vulnerabilities in Microsoft SharePoint Server has compromised approximately 400 organizations worldwide, with potential for a far higher victim count due to underreporting and delayed detections. The attacks, first identified last week by Dutch…
APT Hackers Target Maritime and Shipping Industry for Ransomware Attacks
The maritime sector, which facilitates approximately 90% of international trade, is facing an unprecedented surge in sophisticated cyberattacks from advanced persistent threat (APT) groups, ransomware operators, and hacktivists, driven by escalating geopolitical conflicts. According to a recent Cyble intelligence report,…
Dropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025
Dropbox has announced the discontinuation of its Passwords service, giving users until October 28, 2025, to export their stored credentials before the feature is permanently shut down. The cloud storage company is phasing out the password management tool as part…
Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique
The Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed an exponential evolution in the delivery mechanisms for the campaign’s main payloads: BeaverTail, InvisibleFerret, and OtterCookie. In this article, we will discuss the…
BeyondTrust Privilege Management Flaw Lets Hackers Escalate System Access
BeyondTrust has disclosed a critical privilege escalation vulnerability in its Privilege Management for Windows solution that could allow local authenticated attackers to gain administrator-level access to compromised systems. The security flaw, tracked as CVE-2025-2297, affects versions before 25.4.270.0 and carries a…
WordPress Theme Security Vulnerability Enables to Execute Arbitrary Code Remotely
A critical security vulnerability has been discovered in the popular “Alone” WordPress theme that allows unauthenticated attackers to execute arbitrary code remotely and potentially take complete control of affected websites. The vulnerability, tracked as CVE-2025-5394, affects the charity and non-profit…
New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature
The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the…
New JSCEAL Attack Aims to Steal Credentials and Wallets from Crypto App Users
Check Point Research (CPR) has identified a sophisticated malware campaign dubbed JSCEAL, which targets users of cryptocurrency trading applications through malicious advertisements and compiled JavaScript payloads. Active since at least March 2024, the operation has evolved to incorporate advanced anti-analysis…
CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group
The joint Cybersecurity Advisory AA23-320A, collaboratively issued by agencies such as the FBI, CISA, RCMP, ASD’s ACSC, AFP, CCCS, and NCSC-UK, serves as a critical update on the Scattered Spider cybercriminal group. Originally published in November 2023 and revised multiple…
ChatGPT Agent Defeats Cloudflare’s ‘I Am Not a Robot’ Security Check
In a significant development that highlights both the advancing capabilities of AI and potential vulnerabilities in web security systems, a ChatGPT-powered agent has successfully bypassed Cloudflare’s widely-used “I am not a robot” verification system. The breakthrough, demonstrated through automated interactions…
Severe Vulnerability in AI Vibe Lets Attackers Access Private User Applications
A critical security vulnerability in the popular AI-powered development platform Base44 allowed unauthorized attackers to bypass authentication controls and gain access to private enterprise applications, according to a new report from Wiz Research. The flaw, which has since been patched,…
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware
Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred over three days in April…
Free Decryptor Released for AI-Powered FunkSec Ransomware
Researchers at Avast have unveiled a free decryptor tool for victims of the FunkSec ransomware, marking a significant step in combating this now-defunct malware strain. Developed in collaboration with law-enforcement agencies, the decryptor enables affected users to recover encrypted files…
Enterprise LLMs Vulnerable to Prompt-Based Attacks Leading to Data Breaches
Security researchers have discovered alarming vulnerabilities in enterprise Large Language Model (LLM) applications that could allow attackers to bypass authentication systems and access sensitive corporate data through sophisticated prompt injection techniques. The findings reveal that many organizations deploying AI-powered chatbots…
New Microsoft Guidance Targets Defense Against Indirect Prompt Injection
Microsoft has unveiled new guidance addressing one of the most pressing security challenges facing enterprise AI deployments: indirect prompt injection attacks. This emerging threat vector has become the top entry in the OWASP Top 10 for LLM Applications & Generative…
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for…
Orange Hit by Cyberattack, Internal Systems Hacked
French telecommunications giant Orange confirmed it suffered a significant cyberattack on Friday, July 25th, targeting one of its critical information systems. The incident has disrupted services for business customers and some consumer services, primarily affecting operations in France as the…
Android Banking Malware Masquerades as Government Agencies to Attack Users
Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users. This malware, first observed in the wild around January 2025,…
Qilin Ransomware Gains Momentum with Legal Assistance Option for Affiliates
The Qilin ransomware gang has introduced a “Call Lawyer” feature for its affiliates, announced on a Russian-speaking darknet forum. This Ransomware-as-a-Service (RaaS) enhancement provides on-demand legal assistance during extortion negotiations, leveraging the perceived authority of legal counsel to amplify pressure…