A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional cybercriminal operations focused on financial gain, this group executes highly disruptive…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Qilin Ransomware Exploits MSPaint and Notepad to Locate Sensitive Files
In the latter half of 2025, the Qilin ransomware group has solidified its standing as a formidable threat, continuing to post details of more than 40 victims per month on its public leak site. This rapid, relentless campaign—primarily impacting manufacturing,…
Critical CoPhish Exploit Uses Copilot Studio to Hijack OAuth Tokens
Security researchers at Datadog have uncovered a sophisticated phishing technique that weaponizes Microsoft Copilot Studio to conduct OAuth token theft attacks. Dubbed “CoPhish,” this attack method leverages the legitimate appearance of Microsoft domains to trick users into consenting to malicious…
Microsoft Adds Wi-Fi-Based Work Location Auto-Detection to Teams
Microsoft is preparing to introduce a groundbreaking feature in Teams that will revolutionise how hybrid workers manage their presence information. The new capability will automatically identify and update users’ work locations by detecting their connection to organisational Wi-Fi networks, eliminating…
North Korean Chollima Actors Added BeaverTail and OtterCookie to its Arsenal
Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package,…
706,000+ BIND 9 DNS Resolvers Exposed to Cache Poisoning – PoC Released
A critical vulnerability affecting more than 706,000 BIND 9 DNS resolvers worldwide has been disclosed with proof-of-concept exploit code now publicly available. The security flaw enables attackers to perform cache poisoning attacks by injecting malicious DNS records into vulnerable resolver…
WhatsApp 0-Click Exploit Disclosed to Meta at Pwn2Own Security Event
Cybersecurity researchers from Team Z3 have withdrawn their planned demonstration of a zero-click remote code execution vulnerability in WhatsApp at the Pwn2Own Ireland 2025 hacking competition, opting instead for private coordinated disclosure to Meta. The high-stakes exploit, which stood to…
Top 10 Best Cloud Workload Protection Platforms (CWPP) in 2025
The cloud landscape in 2025 continues its unprecedented growth, with organizations of all sizes rapidly migrating critical workloads to public, private, and hybrid cloud environments. While cloud providers meticulously secure their underlying infrastructure, the onus of protecting everything within that…
Hackers Use ClickFix Technique to Deploy NetSupport RAT Loaders
Cybercriminals are increasingly using a technique known as “ClickFix” to deploy the NetSupport remote administration tool (RAT) for malicious purposes. According to a new report from eSentire’s Threat Response Unit (TRU), threat actors have shifted their primary delivery strategy from…
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install malicious software and potentially seize control of websites. The flaws, first disclosed in late 2024, affect…
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on…
Top 10 Best Cloud Access Security Brokers (CASB) in 2025
The year 2025 marks a new era in enterprise cloud adoption, characterized by a complex tapestry of Software-as-a-Service (SaaS) applications, Infrastructure-as-a-Service (IaaS) platforms, and Platform-as-a-Service (PaaS) offerings. While cloud services deliver unparalleled agility and scalability, they also introduce significant security…
Top 10 Best Cloud Penetration Testing Providers in 2025
The rapid migration to cloud environments – AWS, Azure, and GCP being the dominant players continues unabated in 2025. While cloud providers offer robust underlying infrastructure security, the shared responsibility model dictates that securing everything in the cloud, from configurations…
Top 10 Best Bug Bounty Platforms in 2025
As digital attack surfaces expand with rapid innovation in cloud, AI, and Web3 technologies, organizations increasingly rely on the collective intelligence of ethical hackers to identify vulnerabilities before malicious actors can exploit them. These platforms facilitate a structured, incentivized approach…
Top 10 Best Cloud Security Companies For AWS, Azure And GCP in 2025
Organizations are not just adopting cloud; they are embracing multi-cloud and hybrid strategies as the new norm, distributing workloads across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to optimize for cost, performance, and resilience. While the…
Top 10 Best Breach And Attack Simulation (BAS) Vendors in 2025
In the rapidly escalating cyber threat landscape of 2025, where attackers are more sophisticated and persistent than ever, a reactive security posture is no longer sufficient. Organizations worldwide are grappling with an expanding attack surface, the proliferation of advanced persistent…
Top 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025
In 2025, the complexity of cyberattacks demands more than just a quick fix; it requires a deep dive into the digital footprint left by adversaries and a methodical approach to recovery. For organizations facing such threats, partnering with the Best…
Top 10 Best Cyber Threat Intelligence Companies in 2025
Organizations face a relentless onslaught of highly targeted, evasive, and economically motivated cyber threats. To combat this, they are increasingly relying on Cyber Threat Intelligence Companies. To effectively combat this dynamic landscape, simply reacting to incidents is no longer sufficient.…
Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
In 2025, the digital landscape is more complex and perilous than ever. Organizations face an unrelenting barrage of sophisticated cyber threats, from advanced ransomware campaigns to nation-state-backed attacks. As a result, many are turning to SOC as a Service Providers…
Telegram Messenger Abused by Android Malware to Seize Full Device Control
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately…