Apple has released a comprehensive security update for iOS 26 and iPadOS 26, addressing 27 vulnerabilities across multiple system components. The update, released on September 15, 2025, targets devices including iPhone 11 and later models, along with various iPad generations from iPad…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft Releases Fix for Windows 11 24H2 Bluetooth Audio Malfunction Affecting Headsets and Speakers
Microsoft has successfully resolved a critical audio compatibility issue that left thousands of Windows 11 version 24H2 users without functioning Bluetooth headsets, speakers, and integrated laptop audio devices. The company released a targeted driver update on September 12, 2025, addressing…
Spring Framework Security Flaws Allow Authorization Bypass and Annotation Detection Issues
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection mechanism used by Spring Security’s method security features and can lead to authorization bypass in…
0-Click Linux Kernel KSMBD Vulnerability Enables Remote Code Execution via N-Day Exploit
A recent vulnerability in the Linux Kernel’s KSMBD module allows an attacker to execute arbitrary code on a target system without any user interaction. KSMBD is a kernel-space SMB3 server that handles network file sharing. Researchers demonstrated a stable exploit…
Popular NPM Package ‘ctrl/tinycolor’ with 2M Weekly Downloads and 40+ Others Compromised in Supply Chain Attack
The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain threats, featuring self-propagating malware that…
New Maranhão Stealer Targets Users Through Pirated Software and Cloud Services
A sophisticated new information-stealing malware campaign dubbed Maranhão Stealer has emerged, targeting gaming enthusiasts through malicious pirated software distributed via cloud-hosted platforms. The campaign, first identified by security researchers in May 2025, represents a concerning evolution in credential theft operations, combining social…
Open Source CyberSOCEval Sets New Benchmark for AI in Malware Analysis and Threat Intelligence
Open Source CyberSOCEval, a newly launched evaluation platform, is making waves in the cybersecurity community by demonstrating how artificial intelligence can transform malware analysis and threat intelligence. Developed by a group of independent security researchers, CyberSOCEval combines advanced machine learning…
Microsoft Resolves Bluetooth Audio Problem in Windows 11 24H2 Update
Microsoft has addressed a widespread audio issue affecting Bluetooth speakers, headsets, and integrated laptop speakers in Windows 11 version 24H2. The problem stemmed from an incompatibility with Dirac Audio software on certain devices, causing audio devices to go silent and…
Phishing Campaigns Exploit RMM Tools to Sustain Remote Access
A sophisticated phishing operation in which attackers deploy remote monitoring and management (RMM) tools—ITarian (formerly Comodo), PDQ Connect, SimpleHelp, and Atera—to gain persistent remote access to compromised systems. By disguising malicious installers as legitimate browser updates, meeting or party invitations,…
Sidewinder Hackers Weaponize Nepal Protests to Spread Cross-Platform Malware
Sidewinder, a well-known advanced persistent threat (APT) group, has adapted its tactics to exploit the ongoing protests in Nepal, deploying a coordinated campaign of mobile and Windows malware alongside credential phishing. By masquerading as respected national institutions and figures, the…
Burger King Uses DMCA to Remove Blog Exposing Drive-Thru System Security Flaws
Burger King has invoked the Digital Millennium Copyright Act to force the removal of a security researcher’s blog post that disclosed serious vulnerabilities in its new drive-thru “Assistant” system. Ethical hacker BobDaHacker published a report showing how attackers could bypass…
Red AI Range: Advanced AI Tool for Identifying and Mitigating Security Flaws
Red AI Range (RAR) offers a turnkey platform for AI red teaming and vulnerability assessment, enabling security professionals to simulate realistic attack scenarios, uncover weaknesses, and deploy fixes all within a controlled, containerized environment. By consolidating diverse AI vulnerabilities and…
Pro-Russian Hackers Target Critical Industries Across the Globe
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has emerged as a central battleground for international conflict. Russia is increasingly using cyber-attacks as a strategic tool to alleviate economic…
IBM QRadar SIEM Vulnerability Allows Unauthorized Actions by Attackers
A permissions issue in IBM QRadar SIEM could enable local privileged users to modify configuration files without proper authorization. Tracked as CVE-2025-0164, this flaw stems from incorrect permission assignment for a critical resource, potentially compromising the integrity of a deployed…
Hackers using generative AI “ChatGPT” to evade anti-virus defenses
The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and AutoIt scripts designed to evade anti-virus scanning through sophisticated obfuscation. Organizations must deploy endpoint detection…
FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft
The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and UNC6395—to breach Salesforce customer environments and siphon sensitive data. Coordinated with the Department of Homeland…
LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a server by injecting malicious prompt templates. Tracked as CVE-2025-9556, this vulnerability arises from the use…
BlackNevas Ransomware Encrypts Files, Exfiltrates Corporate Data
Countries with most cyberattacks stopped highlighting global cyber defense efforts, including key regions in Asia-Pacific and North America. BlackNevas has released a comprehensive attack strategy spanning three major regions, with the Asia-Pacific area bearing the heaviest burden of attacks at 50%…
AppSuite-PDF, PDF Editor Operators Exploited 26 Code-Signing Certificates to Fake Legitimacy
Analysis reveals that the developers behind the AppSuite-PDF and PDF Editor campaigns have abused at least 26 distinct code-signing certificates over the past seven years to lend legitimacy to their malware, collectively tracked as BaoLoader. Previously classified as potentially unwanted…
Top 10 Best Ransomware Protection Companies in 2025
As per a recent Sophos report from July 2025, 53% of Indian organizations impacted by ransomware paid the ransom, though the median payment saw a significant drop to around $481,636 (approximately ₹4 crore). However, the average recovery cost, excluding ransom,…