The UK’s Co-op retailer has disclosed that all 6.5 million of its members had their personal data stolen during a devastating cyberattack in April 2024. Chief Executive Shirine Khoury-Haq confirmed the full extent of the breach in her first public…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Use DNS Queries to Evade Defenses and Exfiltrate Data
Cybercriminals are increasingly exploiting the Domain Name System (DNS) to bypass corporate security measures and steal sensitive data, according to new research from cybersecurity experts. This sophisticated technique, known as DNS tunneling, transforms the internet’s essential “phonebook” into a covert…
Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics
Iranian state-backed Advanced Persistent Threat (APT) groups and their hacktivist allies have stepped up operations that could spark worldwide cyber retaliation in the wake of Israeli and American strikes on Iranian nuclear and military facilities in June 2025. While kinetic…
Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files
A critical security vulnerability has been discovered in Cisco’s Unified Intelligence Center that allows authenticated remote attackers to upload arbitrary files to affected systems, potentially enabling complete system compromise. The flaw, tracked as CVE-2025-20274, carries a CVSS score of 6.3…
Hackers Actively Exploited CitrixBleed 2 Flaw Ahead of PoC Disclosure
Cybersecurity researchers have discovered that threat actors began exploiting the critical CitrixBleed 2 vulnerability nearly two weeks before a public proof-of-concept was released, highlighting the sophisticated nature of modern attack campaigns. The vulnerability, tracked as CVE-2025-5777, represents a significant security…
Critical SharePoint RCE Vulnerability Exploited via Malicious XML in Web Part
A severe remote code execution (RCE) vulnerability has been discovered in Microsoft SharePoint that allows attackers to execute arbitrary code through malicious XML content embedded within web parts. According to the recent report, the vulnerability, which affects the deserialization process…
PyPI Blocks Inbox.ru Domains After 1,500+ Fake Package Uploads
The Python Package Index (PyPI) has implemented an administrative block on the inbox.ru email domain, prohibiting its use for new user registrations and as additional verification addresses. This action stems from a recent campaign that exploited the domain to create…
Threat Actors Deploy 28+ Malicious Packages to Spread Protestware Scripts
Socket’s Threat Research Team has discovered a network of at least 28 malicious packages including protestware scripts, totaling approximately 2,000 copies, in a major escalation within the npm supply chain. These packages, initially flagged in two instances for hidden functionality…
Chinese ‘Salt Typhoon’ Hackers Infiltrated US National Guard Network for Almost a Year
The Department of Defense (DoD) revealed that an advanced persistent threat (APT) group, known as Salt Typhoon and publicly identified as Chinese state-sponsored actors, had successfully penetrated a U.S. state’s Army National Guard network in a major increase in cyberthreats.…
Samsung WLAN AP Flaws Let Remote Attackers Run Commands as Root
Security researchers have uncovered a critical chain of vulnerabilities in Samsung’s WEA453e wireless access point that allows unauthenticated remote attackers to execute commands with full administrative privileges. The flaws, discovered in August 2020, demonstrate how seemingly minor web interface oversights…