Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) subsystem and allows both…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Multiple Apps on Google’s Firebase Platform Exposing Sensitive Data
A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured Google Firebase services. The scope of this security crisis dwarfs previous incidents, potentially affecting thousands…
UK Police Arrest Suspect Tied to Ransomware Attack on European Airports
A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London Heathrow. The National Crime Agency (NCA) confirmed that officers detained the man on Tuesday evening…
Attackers Bypass EDR by Using In-Memory PE Loaders Delivered via Malicious Downloads
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems. In these incidents, threat actors deliver a small downloader to victims via malicious links or attachments. Once executed, the downloader…
Attackers Use Domain Fronting to Tunnel Malicious Traffic via Google Meet, YouTube and Chrome Update Servers
Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By making their malicious traffic appear as legitimate connections to high-trust domains, adversaries can tunnel data…
Weaponized Malware: GitHub Hosts Malware from Malwarebytes, LastPass, Citibank, SentinelOne, and More
A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are Malwarebytes for Mac, LastPass, Citibank, SentinelOne, and scores of other well-known brands. Although brand impersonation…
Chromium-Based Browsers in Windows Domains Vulnerable to Arbitrary Extension Loads
A new study has uncovered a method for silently installing custom extensions on Chromium-based browsers running in Windows domain environments. By exploiting how Chrome and its relatives store extension settings and security checks in preference files, attackers can inject arbitrary…
Russian Disinformation Campaign Targets Moldova’s Upcoming Elections
A sophisticated effort by Russian-linked actors is seeking to sway public opinion ahead of Moldova’s September 28, 2025, vote, raising concerns over foreign interference in the nation’s democratic process. Analysis of these sites revealed a technical fingerprint linking them to…
Attackers Exploit BMC Firmware Vulnerabilities to Bypass Signature Verification
In January 2025, Supermicro released patches addressing critical vulnerabilities in its Baseboard Management Controller (BMC) firmware validation logic. Despite these updates, subsequent research has uncovered bypass techniques that undermine signature verification and even compromise the BMC’s Root of Trust (RoT).…
OnePlus OxygenOS Vulnerability Lets Apps Access SMS Data Without User Permission
A newly disclosed flaw in OnePlus OxygenOS lets any app on a device read SMS and MMS messages without asking the user. Tracked as CVE-2025-10184, the issue stems from a permission bypass in the Telephony content provider (com.android.providers.telephony). Normally, apps…
CISA Reveals Hackers Breached U.S. Federal Agency via GeoServer RCE Flaw
Federal cybersecurity agency CISA has disclosed that attackers exploited a remote code execution vulnerability in GeoServer to breach a U.S. federal civilian executive branch agency. The incident response began after endpoint detection alerts sounded at the agency. Over three weeks,…
Banking Trojans Targeting Android Users Disguise as Government and Trusted Payment Apps
Since August 2024, a financially motivated threat group has been targeting Android users in Indonesia and Vietnam with banking trojans disguised as official government identity and payment applications. By employing elaborate download mechanisms, reusing infrastructure, and leveraging template-based spoofed sites,…
Salesforce CLI Installer Flaw Lets Attackers Run Code and Gain SYSTEM-Level Access
A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from untrusted sources may be at risk.…
Critical DNN Platform Vulnerability Lets Attackers Execute Malicious Scripts
A severe Stored Cross-Site Scripting (XSS) vulnerability in the Prompt module of the DNN Platform enables low-privilege attackers to inject and execute arbitrary scripts in the context of privileged users. Published as GHSA-2qxc-mf4x-wr29 by Daniel Valadas yesterday, this vulnerability affects…
RainyDay, Turian and Naikon Malware Abuse DLL Search Order to Execute Malicious Loaders
Cisco Talos has uncovered a sophisticated, long-running campaign active since 2022 that leverages DLL search order hijacking to deliver a novel PlugX variant with overlapping characteristics of the RainyDay and Turian backdoors. This operation, targeting telecommunications and manufacturing organizations across…
North Korean IT Worker Gains Access to Organization’s Network Through Innocent Job Application
In today’s complex threat landscape, adversaries increasingly favor “malware-less” intrusion methods that slip past traditional defenses. One particularly insidious scheme involves North Korean operatives posing as legitimate remote IT professionals to infiltrate corporate networks. Trellix researchers recently uncovered a campaign…
SonicWall Issues Emergency Patch to Remove ‘OVERSTEP’ Rootkit Malware on SMA Devices
SonicWall has released an urgent software update for its Secure Mobile Access (SMA) 100 Series appliances to remove a dangerous rootkit known as ‘OVERSTEP.’ This backdoor malware was discovered in older SMA firmware versions and can give attackers persistent access…
CISA Issues Alert on Actively Exploited Google Chrome 0-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding an actively exploited zero-day vulnerability in Google Chrome. The vulnerability, designated as CVE-2025-10585, affects the V8 JavaScript and WebAssembly engine within Google Chromium, creating significant security…
Kali Linux 2025.3 Launches With Fresh Features and 10 New Pentesting Tools
Kali Linux 2025.3 has arrived, bringing a wave of improvements, updated firmware support, and a suite of ten new security tools. This release builds on the June 2025.2 update by refining core workflows, extending wireless capabilities, and preparing the distribution…
ShadowV2 Botnet Infects AWS Docker Containers to Launch DDoS Campaign
Darktrace’s latest investigation uncovered a novel campaign that blends traditional malware with modern DevOps technology. At the center of this operation lies a Python-based command-and-control (C2) framework hosted on GitHub CodeSpaces. The threat actors leverage a multi-stage Docker deployment initiated…