Italian State Police, working alongside French and Romanian authorities, have successfully dismantled a sophisticated ransomware operation known as “Diskstation” that specifically targeted Synology Network Attached Storage (NAS) systems worldwide. The international investigation, coordinated by EUROPOL and led by Milan’s Cybersecurity…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Curl 8.15.0 Officially Released: 233 Bugs Fixed in Major Update
Curl, the ubiquitous command-line tool and library for transferring data with URLs, has reached version 8.15.0 with a landmark release that addresses more than 230 bugs and streamlines its internal architecture. Officially launched today at 10:00 CEST (08:00 UTC) in…
Former U.S. Army Member Pleads Guilty in Telecom Hacking Case
A 21-year-old former U.S. Army soldier has pleaded guilty to participating in a sophisticated cybercrime operation that targeted telecommunications companies through hacking, data theft, and extortion schemes. Cameron John Wagenius, who was stationed in Texas during his military service, admitted…
Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS
The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities that pose significant risks to Windows applications and could enable denial-of-service attacks. The vulnerabilities, identified as CVE-2025-27210 and CVE-2025-27209, affect active Node.js release…
Google Chrome 0-Day Vulnerability Under Active Exploitation
Google has released an emergency security update for Chrome 138 to address a critical zero-day vulnerability that is actively being exploited in the wild. The vulnerability, tracked as CVE-2025-6558, affects the browser’s ANGLE and GPU components and has prompted immediate…
VMware ESXi and Workstation Vulnerabilities Allow Host-Level Code Execution
Broadcom disclosed four critical vulnerabilities in VMware’s virtualization suite on July 15, 2025, enabling attackers to escape virtual machines and execute code directly on host systems. The flaws, discovered through the Pwn2Own competition, affect ESXi, Workstation, Fusion, and VMware Tools…
Ransomware Attack on Albemarle County Exposes Residents’ Personal Information
Albemarle County, Virginia, discovered irregularities in its IT infrastructure under a sophisticated ransomware attack. The breach was quickly recognized by cybersecurity experts as a ransomware deployment, a type of malware that encrypts data and demands payment to decrypt it. This…
Microsoft Explains How Security Copilot in Intune and Entra Supports Security and IT Teams
Microsoft has detailed how its Security Copilot, an AI-powered tool, is transforming security and IT operations by embedding generative AI directly into daily workflows, aligning with Zero Trust principles to enable faster threat response and decision-making. Launched last year, Security…
DShield Honeypot Scanning Hits Record High with Over 1 Million Logs in a Single Day
DShield honeypots have reported previously unheard-of log quantities in a startling increase in cyber reconnaissance activity, with some subnets producing over a million entries in a single day. This surge, observed across multiple honeypot instances including residential and archived setups,…
Federal IT Contractor to Pay $14.75M for False Cybersecurity Services Claims
Hill ASC Inc., operating as Hill Associates and based in Rockville, Maryland, has agreed to a multimillion-dollar settlement with the U.S. Department of Justice to address allegations of violating the False Claims Act through improper billing practices under a General…
Iranian Threat Actors Target U.S. Critical Infrastructure, Including Water Systems
Iran’s Islamic Revolutionary Guard Corps (IRGC) has increased its asymmetric cyber operations in response to recent U.S. attacks on Iranian nuclear sites. Intelligence Group 13 has emerged as a major aggressor in attacking critical infrastructure in the United States. This…
GLOBAL GROUP RaaS Adds AI-Powered Negotiation Feature for Ransom Demands
A newly surfaced Ransomware-as-a-Service operation, dubbed GLOBAL GROUP, has begun deploying an AI‐driven negotiation tool that elevates the psychological pressure on victims and streamlines extortion workflows for affiliates. Security researchers at EclecticIQ first identified GLOBAL GROUP’s activity in early June…
Octalyn Stealer Harvests VPN Configs, Passwords, and Cookies in Organized Folder Structure
The Octalyn Forensic Toolkit, which is openly accessible on GitHub, has been revealed as a powerful credential stealer that poses as a research tool for red teaming and digital forensics. This is a worrying development for cybersecurity. Developed with a…
Kafbat UI Vulnerabilities Allow Arbitrary Code Execution via JMX Services
A critical security vulnerability has been discovered in Kafbat UI, a popular web-based interface for managing Apache Kafka clusters, allowing unauthenticated attackers to execute arbitrary code on affected systems through unsafe deserialization attacks. Critical Vulnerability Details The vulnerability, designated as…
North Korean Hackers Exploit 67 Malicious npm Packages to Spread XORIndex Malware
The Socket Threat Research Team has discovered a new software supply chain attack that uses a malware loader called XORIndex that had not been previously reported, marking a major uptick in North Korean cyber operations. This activity builds on the…
New AsyncRAT Forks Discovered Featuring Screamer Tool and USB Malware Spreader
Cybersecurity researchers have identified two sophisticated AsyncRAT variants that expand the remote access trojan’s capabilities with a psychological warfare component and enhanced propagation mechanisms. The newly discovered forks introduce a “Screamer” plugin designed to terrorize victims through audio manipulation and…
BaitTrap Reveals Global Web of 17,000+ Fraud-Promoting Fake News Sites
Cybersecurity firm CTM360 has unveiled an extensive network of over 17,000 Baiting News Sites (BNS), engineered by cybercriminals to disseminate investment fraud on a global scale. These deceptive platforms, identified through CTM360’s proprietary WebHunt monitoring system, masquerade as authoritative news…
Hacktivists Launch Attacks on ICS Systems to Exfiltrate Sensitive Information
Hacktivists’ attacks on Industrial Control Systems (ICS) are becoming more intense in a noticeable evolution of ideologically motivated cyber operations. They have progressed from simple Distributed Denial of Service (DDoS) attacks and website vandalism to more complex intrusions targeted at…
LaRecipe Tool with 2.3M Downloads Found Vulnerable to Full Server Takeover
A critical security vulnerability has been discovered in LaRecipe, a popular Laravel documentation package with over 2.3 million downloads, that could allow attackers to completely compromise affected servers. The vulnerability, identified as CVE-2025-53833, enables Server-Side Template Injection (SSTI) attacks that…
14 Hackers Arrested in Massive Tax Fraud Scheme, Authorities Confirm
Authorities have arrested 14 individuals in a coordinated international operation targeting a sophisticated tax fraud scheme that exploited stolen personal data to submit fraudulent claims worth over £1 million. The arrests demonstrate the growing collaboration between UK and Romanian law…