The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed “React2Shell” by the security community is currently being…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
A new security analysis has unveiled “LOLPROX,” a comprehensive catalog of “Living Off The Land” (LOL) techniques specifically targeting Proxmox Virtual Environment (VE). The research, detailed by security researcher Andy Gill (ZephrSec), highlights how threat actors can weaponize the popular…
Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions
A groundbreaking security research project has uncovered a new class of vulnerabilities affecting virtually every major AI-powered integrated development environment (IDE) and coding assistant on the market. Dubbed “IDEsaster,” this attack chain exploits fundamental features of underlying IDE platforms to…
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked as CVE-2025-55182 and dubbed “React2Shell,” affects React and downstream ecosystems, including the…
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
A sophisticated new “packer-as-a-service” tool known as Shanya has emerged in the cybercriminal underground, rapidly becoming a preferred weapon for major ransomware groups looking to neutralize endpoint defenses. According to new research from Sophos, Shanya is an evolution in the…
Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes
Cal.com has disclosed a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to user accounts by exploiting a flaw in password verification logic. The flaw, tracked as CVE-2025-66489 and assigned a critical CVSS v4 score of…
Indonesia’s Gambling Industry Reveals Clues of Nationwide Cyber Involvement
A massive Indonesian-speaking cybercrime operation spanning over 14 years has been uncovered, revealing a sophisticated infrastructure that shows hallmarks of state-level backing and resources typically associated with advanced persistent threat actors. Security researchers at Malanta have exposed what may be…
Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware
Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice database. It published…
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick…
FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of…
2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating,…
Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads
A newly disclosed critical vulnerability in Apache Tika could allow attackers to compromise servers by simply uploading a malicious PDF file, according to a security advisory published by Apache maintainers. Tracked as CVE-2025-66516, the flaw affects Apache Tika core, Apache Tika parsers, and the Apache Tika PDF…
MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows
The MuddyWater threat group has escalated its cyber espionage operations by deploying UDPGangster, a sophisticated UDP-based backdoor designed to infiltrate Windows systems while systematically evading traditional network defenses. Recent intelligence gathered by FortiGuard Labs reveals coordinated campaigns targeting high-value victims…
Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations
Cybercriminals continue to exploit USB drives as infection vectors, with recent campaigns delivering sophisticated CoinMiner malware that establishes persistent cryptocurrency-mining operations on compromised workstations. Security researchers have documented an evolving threat that leverages social engineering and evasion techniques to avoid…
Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation
SAFA researchers uncovered four kernel heap overflow vulnerabilities in Avast Antivirus’s aswSnx.sys driver, designated CVE-2025-13032, affecting versions before 25.3 on Windows. These flaws originate from double-fetch issues in IOCTL handling, allow local attackers to trigger pool overflows for privilege escalation…
NCSC Launches Proactive Notification Service to Alert System Owners of Vulnerabilities
The UK’s National Cyber Security Centre (NCSC) has introduced a new initiative designed to protect organisations from cyber threats. Working alongside Netcraft, the NCSC has launched the Proactive Notification Service, a groundbreaking program that identifies and alerts system owners about security…
Hackers Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
A critical command injection vulnerability in Array Networks’ ArrayOS AG systems has become the focus of active exploitation campaigns, with Japanese organizations experiencing confirmed attacks since August 2025. According to alerts from JPCERT/CC, threat actors are leveraged the vulnerability to install webshells…
Russian Calisto Hackers Target NATO Research with ClickFix Malware
Russian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its…
Russian Hackers Imitate European Events in Coordinated Phishing Campaigns
Russian state-linked hackers are impersonating high-profile European security conferences to compromise cloud email and collaboration accounts at governments, think tanks, and policy organizations, according to new research from cybersecurity firm Volexity. The campaigns, active through late 2025, abuse legitimate Microsoft…
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend…