A critical vulnerability has been discovered in the Windows Desktop Window Manager (DWM) that could allow attackers to escalate privileges to system level. The flaw, tracked as CVE-2025-55681, resides in the dwmcore.dll component and was disclosed during the TyphoonPWN Windows security competition, where…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks
The ForumTroll APT group has resurfaced with a sophisticated phishing campaign targeting Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus. While the group initially gained notoriety for exploiting CVE-2025-2783, a zero-day vulnerability…
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps
Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat…
CISA Alerts on Actively Exploited Gladinet CentreStack and Triofox Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding a critical security vulnerability affecting Gladinet CentreStack and Triofox. The agency has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating that hackers are actively…
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The…
New Moonwalk++ PoC Demonstrates How Malware Can Forge Windows Call Stacks to Evade Detection
Security researchers have unveiled a dangerous new technique that allows malware to completely hide its tracks by faking Windows call stacks a method designed to bypass modern endpoint detection systems. The technique, called Moonwalk++, extends previous research on Stack Moonwalking…
ClickFix Spoof of “Word Online” Used to Spread DarkGate Malware
A sophisticated social engineering campaign leveraging a fake “Word Online” extension error message has been discovered distributing the notorious DarkGate malware. This attack employs the increasingly popular “ClickFix” technique, where threat actors manipulate users into executing malicious commands disguised as…
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for cybercrime. New research into the modern parking ecosystem reveals a startling reality: over 90% of visitors…
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the…
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope…
JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation
A critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw affects JumpCloud Remote Assist for Windows versions prior to 0.317.0 and…
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from “BluelineStealer,” is scheduled for release before the end of…
Wireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol Updates
Wireshark, the world’s leading network protocol analyzer, has released version 4.6.2 with critical security updates and important bug fixes. The update addresses compatibility issues, resolves multiple vulnerability concerns, and enhances protocol support for enterprise users and network engineers worldwide. Security…
xHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom Backdoors
xHunt, a sophisticated cyber-espionage group with a laser focus on organizations in Kuwait, has continued to demonstrate advanced capabilities in infiltrating critical infrastructure. The group’s persistent, multi-year campaigns targeting the shipping, transportation, and government sectors underscore the evolving threat landscape…
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities. Security researchers discovered the large-scale operation while monitoring a Docker honeypot, uncovering an industrialized attack…
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Since December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered…
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS
Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already…
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database…
Critical Plesk Vulnerability Allows Users to Gain Root-Level Access
A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and gain root-level access to affected systems. This flaw poses a significant threat to web hosting providers…
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published…