A Bangalore-based technology professional has been arrested in connection with a massive cryptocurrency theft worth approximately ₹379 crore ($44 million) from the popular Indian crypto exchange CoinDCX, according to law enforcement officials. The arrest represents one of the most significant…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this…
Hacker Arrested for Data Theft Targeting Spanish Bank Customers
Spanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing battle against cybercrime targeting Spanish citizens…
Chinese Silk Typhoon Hackers File Over 10 Patents for Advanced Intrusive Hacking Tools
A SentinelLABS investigation has revealed that businesses linked to the Chinese advanced persistent threat (APT) group Hafnium, also known as Silk Typhoon, have submitted more than ten patents for highly intrusive forensics and data exfiltration methods. These patents, registered by…
NOVABLIGHT Masquerades as Educational Tool to Steal Login Credentials and Compromise Crypto Wallets
A newly analyzed Malware-as-a-Service (MaaS) infostealer, NOVABLIGHT, has emerged as a significant cybersecurity threat, targeting unsuspecting users with advanced data theft capabilities. Developed and sold by the Sordeal Group, a threat actor demonstrating French-language proficiency, NOVABLIGHT is marketed as an…
Researchers Exploit 0-Day Flaws in Retired Netgear Router and BitDefender Box
Cybersecurity researchers successfully exploited critical zero-day vulnerabilities in two discontinued network security devices during DistrictCon’s inaugural Junkyard competition in February, earning runner-up recognition for Most Innovative Exploitation Technique. The findings highlight the persistent security risks posed by end-of-life hardware that…
UNC2891 Hackers Breach ATMs Using Raspberry Pi Devices for Network Access
A Raspberry Pi device that was directly attached to an internal network switch was used by the financially motivated threat actor group UNC2891 to breach ATM networks in a sophisticated cyber campaign that targeted banking infrastructure. This embedded hardware, equipped…
Critical SUSE Manager Vulnerability Allows Remote Command Execution as Root
A critical security vulnerability has been discovered in SUSE Manager that enables attackers to execute arbitrary commands with root privileges without any authentication. The flaw, designated as CVE-2025-46811, represents a severe threat to organizations using affected SUSE Manager deployments and…
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Sonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed…
CrushFTP Hit by Critical 0-Day RCE Vulnerability – Full Technical Details and PoC Published
Security researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected systems without authentication. The vulnerability, tracked as CVE-2025-54309, has been assigned a maximum CVSS score of…