Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU kernel that underpins macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw, which carries a CVSS score of 8.8 (vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), enables local attackers to escalate…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks
Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that has plagued systems since its emergence in 2018. Initially designed as a banking trojan targeting financial credentials, DanaBot evolved into a multi-purpose threat, facilitating information theft…
Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation
The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, alleging he led the development and deployment of the notorious Qakbot malware. This action, announced on May 22, 2025, marks a significant…
Fortinet Zero-Day Under Attack: PoC Now Publicly Available
FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session…
Global Crackdown Nets 270 Dark Web Vendors in Major Arrests
A sweeping international crackdown, codenamed Operation RapTor, has dealt a significant blow to the criminal underworld operating on the dark web. Coordinated by Europol and involving agencies across four continents, the operation resulted in the arrest of 270 individuals involved…
CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets
On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, which is hosted in the Microsoft Azure cloud environment. The U.S. Cybersecurity and Infrastructure…
Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution
A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise password management solution, potentially allowing authenticated attackers to execute remote code on other users’ systems. Identified in versions up to 9.2.2, including the specific build…
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. This malware-as-a-service (MaaS) infostealer, also known as LummaC2 Stealer, targets…
CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications
Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on critical security flaws in .NET-based desktop applications leveraging CefSharp, a lightweight wrapper around the Chromium Embedded Framework (CEF). CefSharp enables developers to embed Chromium browsers…
Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers
A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to…