Google has released Chrome 143 to the stable channel, addressing 13 security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update is now rolling out to Windows, Mac, and Linux users worldwide. The latest version,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
BPFDoor and Symbiote: Advanced eBPF-Based Rootkits Target Linux Systems
Extended Berkeley Packet Filter (eBPF) represents one of Linux’s most powerful kernel technologies, enabling users to load sandboxed programs directly into the kernel for network packet inspection and system call monitoring. Introduced in 2015 to modernize the 1992 BPF architecture,…
Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-level driver abuse, endpoint security tampering, and multi-stage…
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data.…
Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers it working…
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The discovery highlights the persistent threat…
OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands
OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or approval. Security researchers Isabel Mill and Oded…
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms.…
Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks
A new security flaw has been found in Apache Struts, a popular open‑source web application framework used by many companies worldwide. The issue, tracked as CVE‑2025‑64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly.…
Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention…
Mandatory ‘Undeletable’ Security App to Be Installed on Every Smartphone in India
In a significant decision that will affect millions of mobile phone users, the Indian government has ordered all smartphone companies to install a specific security app on every new device sold in the country. The Department of Telecommunications (DoT) issued…
Hackers Shift to ‘Living Off the Land’ Tactics to Evade EDR on Windows Systems
Security researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as “Living Off the Land,” poses a significant challenge for…
KimJongRAT Strikes Windows Users via Malicious HTA Files
Security researchers have confirmed that KimJongRAT, a sophisticated remote access Trojan attributed to the Kimsuky group and believed to be backed by North Korea, is being actively distributed via weaponized .hta files targeting Windows users. The discovery reveals a carefully…
Australian Man Jailed for Running Fake Wi-Fi Attacks at Airports and Onboard Flights
A Perth man has been sent to jail for stealing private videos from women and creating a fake Wi-Fi network to trick airline passengers. The 44-year-old’s crimes have shocked the aviation industry and left many victims feeling violated. The Fake…
Chinese Front Companies Offering Advanced Steganography Tools for APT Groups
The Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide. Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall components, a recent analysis has uncovered details about two technology…
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during…
Linux 6.18 Rolls Out With Major Hardware Support Upgrades and Driver Enhancements
Linus Torvalds has officially released Linux 6.18, the latest stable version of the Linux kernel. The announcement came on Sunday, November 30, 2025, marking another milestone for the open-source operating system that powers everything from smartphones to supercomputers. Torvalds shared…
PoC Released for Outlook “MonikerLink” RCE Flaw Allowing Remote Code Execution
Security researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed “MonikerLink.” This flaw enables attackers to execute arbitrary code on victim systems via specially crafted emails, posing a serious risk…
APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies
Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically…
Albiriox Malware Emerges, Targeting Android Users for Full Device Takeover
A dangerous new Android malware called Albiriox has been discovered by security researchers, posing a serious threat to mobile banking and cryptocurrency users worldwide. The malware operates as a Malware-as-a-Service (MaaS), allowing cybercriminals to rent access to this powerful hacking tool for…