Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

IBM has issued a security bulletin highlighting multiple vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. The flaws, which range from medium to critical severity, could enable attackers to compromise sensitive data, execute arbitrary code, or…

Read more →

The Mobile Threat Intelligence (MTI) team identified a formidable new player in the mobile malware landscape: Crocodilus, an Android banking Trojan designed for device takeover. Initially observed in test campaigns with limited live instances, this malware has rapidly evolved, demonstrating…

Read more →

Threat actors have been found exploiting the ubiquitous “Prove You Are Human” verification systems to distribute malicious software. Specifically, this campaign leverages spoofed websites mimicking legitimate platforms like Gitcodes and DocuSign to deceive users into executing harmful PowerShell scripts on…

Read more →

On May 15, 2025, Coinbase, the largest U.S. cryptocurrency exchange, publicly disclosed a major security breach that exposed the sensitive personal data of 69,461 users—less than 1% of its monthly transacting base, but a significant figure given the depth of…

Read more →

The modern digital estate is under siege. Over the past 18 months, Microsoft’s threat protection teams have tracked a staggering 275% increase in ransomware encounters, with attackers shifting from broad, random attacks to highly targeted, multi-domain campaigns that exploit unique…

Read more →

Researchers have unearthed a sophisticated supply chain attack targeting Ruby Gems, a popular package manager for the Ruby programming language. Malicious actors have infiltrated the ecosystem by embedding backdoors in seemingly legitimate gems, enabling them to steal sensitive Telegram tokens…

Read more →

Active Directory (AD) Group Policy Objects (GPOs) are a cornerstone of centralized management for Windows environments, enabling administrators to configure operating systems, applications, and user settings across all domain-connected machines. The real work of applying these policies on client machines…

Read more →

Beijing, China, June 4th, 2025, CyberNewsWire After nearly a year of research and evaluation, Gartner released the first “Magic Quadrant for Network Detection and Response” report on May 29, ThreatBook became the only Chinese company selected. As enterprises accelerate their…

Read more →

Beijing, China, June 4th, 2025, CyberNewsWire After nearly a year of research and evaluation, Gartner released the first “Magic Quadrant for Network Detection and Response” report on May 29, ThreatBook became the only Chinese company selected. As enterprises accelerate their…

Read more →

Since 2016, the “DollyWay World Domination” campaign has quietly compromised more than 20,000 WordPress websites worldwide, exploiting vulnerabilities in plugins and themes to redirect visitors to malicious destinations.  The operation’s name comes from a telltale code string found in infected…

Read more →

A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based Linux botnet meticulously designed to exploit embedded Internet of Things (IoT) devices. Unlike conventional botnets that cast a wide net…

Read more →

A pro-Ukrainian hacktivist group known as BO Team, also operating under aliases such as Black Owl, Lifting Zmiy, and Hoody Hyena, has emerged as a formidable threat to Russian organizations in 2025. This group, which publicly declared its intentions via…

Read more →

The Android Security Bulletin for June 2025, published on June 2, details a series of high-severity vulnerabilities affecting a wide range of Android devices. Security patch levels of 2025-06-05 or later address all reported issues, with source code patches set…

Read more →

The manufacturing sector has emerged as a prime target for cyber attackers in 2024, with a staggering 71% surge in active threat actors compared to the previous year, according to a recent report by Forescout Technologies. Between 2024 and the…

Read more →

In a chilling revelation for cybersecurity professionals, the Russian Market has solidified its position as the leading hub for stolen credentials, fueling a dramatic rise in credential theft attacks worldwide. According to a 2024 report by ReliaQuest’s GreyMatter Digital Risk…

Read more →

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on…

Read more →

A severe vulnerability in Apple’s iOS activation infrastructure has been uncovered, posing a significant risk to device security during the setup phase. This flaw, identified in the iOS Activation Backend at the endpoint https://humb.apple.com/humbug/baa, allows attackers to inject unauthenticated XML…

Read more →

A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication). This flaw affects all ScreenConnect versions up to and including 25.2.3, exposing them to ViewState code injection attacks that could…

Read more →

A crucial point has been reached in the conflict between personal privacy and governmental monitoring in a time when digital communication is essential. Governments worldwide are grappling with the proliferation of strong encryption in messaging apps, social media platforms, and…

Read more →

Cross-site scripting (XSS) remains one of the most persistent threats in web security, but most discussions focus on traditional vectors. A lesser-known but intriguing avenue is exploiting JavaScript TypeError messages in Safari to achieve XSS. This technique leverages how Safari…

Read more →