Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cognizant Technology Solutions is facing a wave of legal challenges in the United States following a significant data breach at its subsidiary, TriZetto Provider Solutions (TPS). The IT services giant has been hit with at least three class-action lawsuits alleging…

Read more →

A threat actor operating under the alias “victim” has claimed responsibility for a significant data breach targeting Tokyo FM Broadcasting Co., Ltd., a central radio broadcasting station in Japan. The alleged intrusion, which was observed on January 1, 2025, reportedly…

Read more →

Over 3,000 organisations, predominantly in manufacturing, fell victim to a sophisticated phishing campaign in December 2025 that leveraged Google’s own application infrastructure to bypass enterprise email security controls. Attackers sent deceptive messages from noreply-application-integration@google.com, marking a critical shift in how threat…

Read more →

In December 2025, the Iran-linked hacking group known as Handala escalated its influence operations against Israel’s political establishment by publishing material it claimed was pulled from the fully “compromised” mobile devices of two high-profile officials. A technical review by threat…

Read more →

The legendary Careto threat actor, also known as “The Mask,” has resurfaced after a decade-long disappearance, employing sophisticated new attack methods that demonstrate the group’s continued evolution and technical prowess. Kaspersky researchers unveiled these findings during the 34th Virus Bulletin…

Read more →

The Apache Software Foundation has released a security advisory addressing a memory corruption vulnerability in the Apache NuttX Real-Time Operating System (RTOS). Tracked as CVE-2025-48769, this flaw affects widely used embedded systems and could allow attackers to destabilize devices or manipulate…

Read more →

A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors.…

Read more →

A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have operated undetected for over seven years, researchers revealed today. The operation represents one of the most…

Read more →

NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology, the framework brings automation to vulnerability assessment, threat simulation, and security analysis workflows. NeuroSploit v2 represents…

Read more →

The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive social engineering at an unprecedented scale. Priced at just $800 and advertised on top-tier Russian cybercrime…

Read more →

GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully…

Read more →

The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational…

Read more →

Cybersecurity researchers have spotted a new high-sophistication malware loader being advertised on dark web forums, marketed as a commercial solution for evading modern endpoint protection. The tool, dubbed InternalWhisper x ImpactSolutions, is being promoted by a threat actor known as “ImpactSolutions.”…

Read more →

Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors. The operation, linked to infrastructure associated with APT42 (also known as Charming Kitten), represents a deliberate…

Read more →

IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw, tracked as CVE-2025-13915, represents a primary authentication weakness (CWE-305) that requires no user interaction or special…

Read more →

The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality, while the ransomware-as-a-service economy expanded at an unprecedented pace. According to ESET Research’s latest Threat Report,…

Read more →

A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and…

Read more →

A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce…

Read more →

Over 74,000 MongoDB database servers remain vulnerable to a critical security flaw after proof-of-concept exploit code for the MongoBleed vulnerability became publicly available. The Shadowserver Foundation reports that 74,854 exposed MongoDB instances are running unpatched versions susceptible to CVE-2025-14847, representing…

Read more →

The popular text editor EmEditor fell victim to a sophisticated supply chain attack between December 19-22, 2025, in which attackers compromised the official website to distribute malware-laced installation packages. Emurasoft, Inc., the software’s developer, confirmed on December 23 that malicious…

Read more →