GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927. This critical flaw allows attackers to bypass security controls implemented by middleware, posing significant risks to authentication, authorization, and security header implementations, as per a report by Zeropath. CVE-2025-29927: Overview The exploit works by […]

The post Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Think about it – everything’s online these days, right? Your photos, your bank stuff, your emails, and even your fridge probably connect to the internet now. It’s fantastic, but it also means there’s a whole bunch of sneaky folks out there – cybercriminals – trying to mess with it all. They want your data, your […]

The post The Role of AI in Cybersecurity: Boon or Threat? appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March 2025, involves directing potential victims to malicious websites where they are prompted to complete verification […]

The post Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s […]

The post Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. This vulnerability could potentially expose system passwords, emphasizing the importance of updating macOS devices to the latest versions. Background and […]

The post Researchers Reveal macOS Vulnerability Exposing System Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has been found to have critical security vulnerabilities. These flaws, recently highlighted by SonarSource’s vulnerability research team, allow attackers to bypass authentication and potentially gain full control over the JumpServer infrastructure. JumpServer acts as a centralized gateway to internal networks, offering features […]

The post JumpServer Flaws Allow Attackers to Bypass Authentication and Gain Full Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials. The attackers initiate the phishing attempt by sending fraudulent emails disguised as official Instagram notifications, alerting users that their advertising accounts have been temporarily suspended due to […]

The post Hackers Use Fake Meta Emails to Steal Ad Account Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploiting multiple operating systems to maximize their impact. The Albabat group has been leveraging GitHub to streamline its operations, […]

The post Albabat Ransomware Targets Windows, Linux, and macOS via GitHub Abuse appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS (Atomic Stealer) and Lumma Stealer. These malware types are specifically designed to target cryptocurrency traders by offering cracked versions of popular trading software, such as TradingView. The attackers engage actively with potential victims on Reddit, […]

The post Threat Actors Leverage Reddit to Spread AMOS and Lumma Stealers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent open-source investigation has uncovered one of the largest exposures of US government data to cyber threats. More than 150 government database servers are currently exposed to the internet, leaving sensitive personal and national security information at an unprecedented risk of cyberattacks. The Scope of the Problem The investigation, conducted using data from Shodan, […]

The post Over 150 US Government Database Servers Vulnerable to Internet Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. This vulnerability allows attackers to potentially execute remote code (RCE) if successfully exploited. The cybersecurity firm GreyNoise has identified multiple IPs involved in these attacks across several regions, highlighting the urgency for organizations to update their […]

The post Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent cybersecurity threat, identified as UAT-5918, has been actively targeting entities in Taiwan, particularly those in critical infrastructure sectors such as telecommunications, healthcare, and information technology. This advanced persistent threat (APT) group is believed to be motivated by establishing long-term access for information theft and credential harvesting. UAT-5918 gains initial access by exploiting known […]

The post UAT-5918 Hackers Exploit N-Day Vulnerabilities in Exposed Web and Application Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique “.vanhelsing” extension to compromised files. It also utilizes double extortion tactics, threatening to leak stolen data unless […]

The post VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or […]

The post I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Tech giant Apple has found itself at the center of a new legal battle after a class-action lawsuit was filed in the U.S. District Court in San Jose. The suit accuses Apple of false advertising and unfair competition related to its much-anticipated Apple Intelligence features, which were heavily promoted as part of the iPhone 16 […]

The post Apple Sued in Federal Court for Delaying Apple Intelligence Features   appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Caido has unveiled version 0.47.0 of its web pentesting tool, cementing its position as a robust alternative to Burp Suite. This release is marked by several key enhancements that improve user experience and expand the tool’s capabilities in web application testing. The updates include a complete overhaul of the Match & Replace feature, the introduction […]

The post Caido v0.47.0 Released – A Web Pentesting Tool Alternative to Burp Suite appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Infosys, a leading IT services company, has announced that it has reached an agreement in principle to settle a series of class action lawsuits related to a data breach incident involving its subsidiary, Infosys McCamish Systems LLC. The proposed settlement involves a payment of $17.5 million to resolve all allegations without admitting liability. Background of […]

The post Infosys to Pay $17.5M in Settlement for 2023 Data Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote code execution (RCE), severe information leakage, and malicious content injection. This vulnerability was publicly disclosed on March 10, 2025, along with a patch, and has already seen initial exploit attempts by […]

The post Tomcat RCE Vulnerability Exploited in the Wild – Mitigation Steps Outlined appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cloudflare has announced that it will shift its APIs to HTTPS-only connections, effectively closing all HTTP ports. This strategic decision aims to protect sensitive data from being intercepted by unauthorized parties during transmission. The change marks a crucial step forward in the company’s mission to safeguard users’ privacy and ensure the integrity of online communications. […]

The post Cloudflare Shifts to HTTPS-Only for APIs, Closing All HTTP Ports appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories related to vulnerabilities and exploits affecting Industrial Control Systems (ICS). These advisories highlight significant security issues across various industrial equipment and software, underscoring users’ and administrators’ need for immediate attention and mitigation. Overview of the Advisories CISA’s release of these advisories emphasizes the pressing […]

The post CISA Issues Five Advisories on Industrial Control System Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.