The United States government announced coordinated actions across multiple departments today, offering rewards totaling up to $15 million for information leading to the arrests and convictions of North Korean nationals involved in extensive revenue generation schemes targeting American companies and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Bloomberg’s Comdb2 Vulnerable to DoS Through Malicious Packets
Cisco Talos’ Vulnerability Discovery & Research team has disclosed five critical security vulnerabilities in Bloomberg’s Comdb2 open-source database that could allow attackers to cause denial-of-service conditions through specially crafted network packets. The vulnerabilities, all affecting version 8.1 of the high-availability…
Critical VGAuth Flaw in VMware Tools Grants Full System Access
Security researchers have uncovered critical vulnerabilities in VMware Tools’ Guest Authentication Service (VGAuth) that allow attackers to escalate privileges from any user account to full SYSTEM access on Windows virtual machines. The flaws, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware…
Tridium Niagara Framework Flaws Expose Sensitive Network Data
Cybersecurity researchers at Nozomi Networks Labs have discovered 13 critical vulnerabilities in Tridium’s widely-used Niagara Framework, potentially exposing sensitive network data across building management, industrial automation, and smart infrastructure systems worldwide. The vulnerabilities, consolidated into 10 distinct CVEs, could allow…
Malware Campaign Uses YouTube and Discord to Harvest Credentials from Computers
The Acronis Threat Research Unit (TRU) has uncovered a sophisticated malware campaign deploying infostealers like Leet Stealer, its modified variant RMC Stealer, and Sniffer Stealer, leveraging social engineering tactics centered on gaming hype. These threats masquerade as indie game installers,…
New VoIP Botnet Targets Routers Using Default Passwords
Cybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an…
New CastleLoader Attack Uses Cloudflare-Themed Clickfix Method to Compromise Windows Systems
A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise…
xonPlus Launches Real-Time Breach Alerting Platform For Enterprise Credential Exposure
Chennai, India, July 25th, 2025, CyberNewsWire xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly.…
Multiple Hacker Groups Exploit SharePoint 0-Day Vulnerability in the Wild
Microsoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a…
Bulletproof Host Aeza Group Moves Infrastructure to New Autonomous System
Threat analysts at Silent Push announced the discovery of a major infrastructure shift by the bulletproof hosting provider Aeza Group, which was designated and sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on July…