Researchers at Trendyol, a leading e-commerce platform, have uncovered multiple vulnerabilities in Meta’s Llama Firewall, a suite of tools designed to safeguard large language models (LLMs) against malicious inputs. Llama Firewall incorporates components like PROMPT_GUARD for mitigating prompt injection attacks…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Fake Gaming and AI Companies Target Windows and macOS Users with Drainer Malware Attacks
The cybersecurity company Darktrace has uncovered a persistent, intricate social engineering campaign that targets bitcoin users, building on earlier findings by Cado Security Labs in December 2024. Threat actors are fabricating elaborate startup companies themed around AI, gaming, video conferencing,…
Bitcoin Depot Breach Exposes Data of 27,000 Crypto Users
Bitcoin Depot, Inc., a prominent cryptocurrency ATM operator, has disclosed a data breach that compromised the personal information of approximately 27,000 users. The breach, which involved unauthorized access to sensitive customer records, underscores the persistent vulnerabilities in the fintech sector,…
GPUHammer: First-Ever Rowhammer Attack Targeting NVIDIA GPUs
Researchers from the University of Toronto have unveiled the first successful Rowhammer attack on an NVIDIA GPU, specifically targeting the A6000 model equipped with GDDR6 memory. Dubbed “GPUHammer” in some circles, this exploit builds on the decade-old Rowhammer vulnerability, traditionally…
OpenAI Set to Launch AI-Powered Web Browser in the Coming Weeks
OpenAI is on the cusp of introducing a groundbreaking AI-infused web browser, slated for release in the imminent weeks, as detailed in a recent Reuters report. This innovative browser is poised to embed OpenAI’s Operator AI agent directly into its…
Hackers Compromise WordPress GravityForms Plugin with Malicious Code Injection
Hackers have targeted the popular WordPress plugin Gravity Forms, injecting malicious code into versions downloaded from the official gravityforms.com domain. The breach was first reported on July 11, 2025, when security researchers noticed suspicious HTTP requests to the domain gravityapi.org,…
Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers
Researchers have uncovered multiple vulnerabilities in the Thermomix TM5, a multifunctional kitchen appliance from Vorwerk, allowing attackers to potentially achieve remote takeover through firmware manipulation and persistent code execution. The device’s main board, powered by a Freescale/NXP i.MX28 SoC with…
Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology,…
Microsoft Broadens Zero Trust Training to Address Network and SecOps Domains
Zero Trust architectures are being adopted by enterprises globally to update their security postures in response to the fast changing cyberthreat landscape, where traditional perimeter-based defenses are becoming more and more insufficient. Zero Trust operates on the principle of “never…
ClickFix: The Emerging Technique Threat Actors Use to Dominate Targeted Organizations
Threat actors have increasingly adopted ClickFix, a sophisticated social engineering technique that deceives users into executing malicious commands under the guise of resolving common computer issues like performance lags or pop-up errors. This method, often delivered via compromised websites, malvertising,…
SLOW#TEMPEST Hackers Adopt New Evasion Tactics to Bypass Detection Systems
Security researchers have uncovered a sophisticated evolution in the SLOW#TEMPEST malware campaign, where threat actors are deploying innovative obfuscation methods to evade detection and complicate analysis. This variant, distributed via an ISO file containing a mix of benign and malicious…
Qilin Leads in Exploiting Unpatched Fortinet Vulnerabilities
The Qilin group has surged to prominence by aggressively exploiting critical vulnerabilities in Fortinet devices, underscoring a broader trend of sophisticated cyber extortion tactics targeting data-dependent sectors. Global ransomware victims dropped to 463, a 15% decline from May’s 545, yet…
Arkana Ransomware Gang Claims Theft of 2.2 Million Customer Records
The Arkana ransomware group burst onto the cybercrime scene with a high-profile attack on WideOpenWest (WOW!), a prominent U.S. internet service provider, in late March. The group boldly claimed to have exfiltrated two massive databases containing approximately 403,000 and 2.2…
Mis-scoped AWS Organizations Policy Allowed Hackers to Seize Full Control of AWS Environment
Security professionals have uncovered serious vulnerabilities in AWS Organizations in a ground-breaking study by Cymulate Research Labs that might allow attackers to switch between accounts, increase privileges, and take control the entire organization.l takeover. The research focuses on how misconfigured…
Infostealers Targeting macOS Users in Active Campaigns to Steal Sensitive Data
MacOS infostealers are becoming a powerful and underappreciated method of data exfiltration in a world where Windows-centric threats predominate. They act as predecessors to ransomware deployments and significant breaches. These malware variants, often distributed via Malware-as-a-Service (MaaS) models, meticulously harvest…
Microsoft Removes High-Privilege Access to Strengthen Microsoft 365 Security
Microsoft has taken a significant step forward in bolstering the security of its Microsoft 365 ecosystem by systematically eliminating high-privileged access (HPA) across all applications, as part of its broader Secure Future Initiative (SFI). This initiative integrates efforts across the…
Iranian APT Hackers Targeting Transportation and Manufacturing Sectors in Active Attacks
Nozomi Networks Labs cybersecurity researchers have reported a startling 133% increase in cyberattacks linked to well-known Iranian advanced persistent threat (APT) groups in May and June 2025, following current tensions with Iran. This uptick aligns with warnings from U.S. authorities,…
Rockerbox Data Breach Exposes 245,949 Users’ SSNs and Driver’s Licenses
Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue. The database was assumed to be owned by Rockerbox, a tax credit consulting organization situated in Texas. The exposed repository,…
RapidFire Network Detective Vulnerabilities Expose Sensitive Data to Threat Actors
Security researchers have discovered two critical vulnerabilities in RapidFire Tools Network Detective, a widely-used network assessment and reporting tool developed by Kaseya, that expose sensitive credentials to potential attackers. The flaws, disclosed on July 10th, 2025, affect organizations using the…
Russian Basketball Star Arrested Over Ransomware Attacks on 900+ Companies
A prominent Russian basketball player has been arrested in France on charges related to one of the most extensive ransomware operations in recent years, highlighting the ongoing intersection between cybercrime and international law enforcement. Daniil Kasatkin, a 26-year-old professional basketball…