A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Google Integrates GenAI to Counter Indirect Prompt Injection Attack Vectors
Google has revealed a thorough protection technique aimed at indirect prompt injection attacks, a subtle but powerful threat, marking a major advancement in cybersecurity in the age of generative AI. Unlike direct prompt injections, where malicious commands are overtly inserted…
UAC-0001 Hackers Target ICS Devices Running Windows-Based Server Systems
The national team for responding to cyber incidents, CERT-UA, has exposed a sophisticated cyberattack targeting the information and communication system (ICS) of a central executive body in March-April 2024. During the implementation of response measures, a technical device running a…
APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign
APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments…
RapperBot Targets DVRs to Hijack Surveillance Cameras and Record Video
When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has…
Shadow Vector Malware Uses SVG Images to Deliver AsyncRAT and RemcosRAT Payloads
Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called “Shadow Vector” is actively targeting Colombian users using malicious Scalable Vector Graphics (SVG) files, a novel attack vector. Disguised as urgent court notifications, these SVG files…
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
McLaren Health Care, a prominent healthcare provider based at One McLaren Parkway, Grand Blanc, MI, has disclosed a data breach that compromised the personal information of 743,131 individuals, including 25 residents of Maine. The breach, identified as an external system…
SparkKitty Targets iOS and Android Devices via App Store and Google Play Attacks
A sophisticated spyware campaign, dubbed SparkKitty, has emerged as a significant threat to both iOS and Android users, infiltrating even the official app stores like Google Play and the App Store. First detected in connection with the earlier SparkCat campaign…
DDoS Attack on Financial Sector Triggers Multi-Day Service Outages
In an analysis by FS-ISAC and Akamai, the financial services sector has emerged as the primary target of Distributed Denial of Service (DDoS) attacks, with a dramatic surge in both the frequency and volume of malicious traffic. These attacks, designed…
North Korean Hackers Weaponize GitHub Infrastructure to Distribute Malware
Cybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell…