A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction. The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607…
TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions
A new Android vulnerability called TapTrap that allows malicious apps to bypass the operating system’s permission system without requiring any special permissions themselves. The attack exploits activity transition animations—a core feature of Android’s user interface—to trick users into unknowingly granting…
FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure
A sophisticated threat network called “Triad Nexus,” which operates through the FUNNULL content delivery network (CDN) to hide malicious infrastructure within major Western cloud providers including Amazon and Microsoft. The operation, led by sanctioned individual Lizhi Liu, has facilitated over…
Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures. The new device-level security setting, available on Android 16 with…
Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data. The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a…
Hackers Exploit IIS Machine Keys to Breach Organizations
A sophisticated campaign by an initial access broker (IAB) group exploiting leaked Machine Keys from ASP.NET websites to gain unauthorized access to targeted organizations. The threat group, tracked as TGR-CRI-0045, has been active since October 2024 with a significant surge…
XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment
A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and…
Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges
A critical security vulnerability has been discovered in Citrix’s Windows Virtual Delivery Agent that could allow attackers with low-level system access to escalate their privileges to SYSTEM level, potentially granting them complete control over affected systems. The vulnerability, tracked as…
Splunk Enterprise Addresses Vulnerabilities in Bundled Third-Party Packages – Update Now
Splunk has released critical security updates for its Enterprise platform, addressing multiple vulnerabilities in bundled third-party packages across several product versions. The company issued Advisory SVD-2025-0710 on July 7, 2025, urging immediate updates to protect against various security exposures ranging…