A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, posing a significant security threat to websites deployed using the Cloudflare adapter for Open Next. The flaw, now tracked as CVE-2025-6087, allows unauthenticated attackers to proxy…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
AI Revolutionizes PLA Military Intelligence with Rapid Deployment Across Operations
The People’s Liberation Army (PLA) of China has adopted generative artificial intelligence (AI) to revolutionize its intelligence capabilities, marking a major step in modernizing military operations. According to recent analyses, the PLA has shown a clear intent to integrate generative…
Chollima Hackers Target Windows and MacOS with New GolangGhost RAT Malware
A North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT) campaign against Windows and MacOS devices, a concerning development discovered by Cisco Talos in May 2025. This group, suspected to…
Russia’s Digital Arsenal: The Strategic Use of Private Companies and Hacktivists in Cyber Operations
Russia’s sophisticated cyber warfare strategy emerges as a calculated blend of state power and non-state agility, leveraging private companies, hacktivists, and criminal proxies to amplify its digital dominance. The roots of this hybrid model trace back to the collapse of…
MITRE and Splunk Expose Critical Vulnerabilities in Open Source GitHub Actions
The Sysdig TRT has uncovered critical vulnerabilities in the GitHub Actions workflows of several high-profile open source projects, including those maintained by MITRE and Splunk. GitHub Actions, a popular platform for automating CI/CD pipelines, offers immense flexibility for developers but…
Microsoft Enhances Office 365 Defender to Stop Email Bombing Campaigns
Microsoft has announced a significant enhancement to its Office 365 Defender suite with the introduction of Mail Bombing Detection, a new feature designed to combat the rising threat of email bombing attacks. This capability will be rolled out globally, starting…
Hackers Exploit Transit Mode in Apple Pay and GPay to Steal Money
Mobile wallets like Apple Pay and Google Pay (GPay) have revolutionized the way we pay, offering speed and convenience that traditional cards can’t match. But as recent research and real-world incidents show, these digital wallets are not immune to attack.…
Zyxel NWA50AX Pro Hit by N-Day Flaw Allowing Arbitrary File Deletion
A recent vulnerability has been discovered in the Zyxel NWA50AX Pro, a WiFi 6 access point for small businesses, exposing it to an n-day flaw that allows arbitrary file deletion via a misconfigured CGI endpoint. This issue, tracked as CVE-2024-29974,…
SuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to Attackers
F6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent attacks recorded in Russia. Initially detected in Europe during spring…
DMV-Style Phishing Scams Target U.S. Citizens to Harvest Sensitive Information
A highly coordinated phishing campaign surfaced, targeting U.S. citizens by impersonating various state Departments of Motor Vehicles (DMVs). This widespread attack utilized SMS phishing, or “smishing,” as its primary delivery vector, bombarding victims with alarming text messages about fictitious unpaid…