GBHackers On Security

In a striking evolution of its tactics, the Sidewinder advanced persistent threat (APT) group—also known as APT-C-24 or “Rattlesnake”—has adopted a novel delivery mechanism leveraging Windows shortcut (LNK) files to orchestrate complex, multi-stage intrusions across South Asia. Active since at least 2012 and targeting governments, energy utilities, military installations, and mining operations in Pakistan, Afghanistan, The post Sidewinder Hackers Exploit LNK Files to Deploy Malicious Scripts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in the popular Axios HTTP client library that allows attackers to crash Node.js applications through malicious data URL handling. The flaw, tracked as CVE-2025-58754, affects all versions of Axios before 1.11.0 and has been assigned a CVSS 3.1 score of 7.5, indicating high severity. Vulnerability Mechanics The vulnerability stems The post Axios Vulnerability Enables Attackers to Crash Node.js Applications via Data Handle Abuse appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a startling development on September 8, the Telegram channel “scattered LAPSUS$ hunters 4.0” declared its intention to “go dark” after taunting law enforcement for repeated missteps. With an audacious message aimed squarely at the FBI and French authorities, the group claimed victory in evading capture and vowed that no future activity would follow their The post LAPSUS$ Hunters 4.0 Announce Permanent Shutdown appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft announced the phased deprecation of VBScript in Windows, significantly impacting VBA developers who rely on VBScript libraries for regular expressions and external script execution. The company outlined a comprehensive timeline and provided migration guidance to help developers future-proof their projects. Three-Phase Deprecation Timeline VBScript deprecation will occur in three distinct phases over the coming The post Microsoft to Deprecate VBScript in Windows, Urges Developers to Update Projects appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apple has issued urgent warnings about sophisticated spyware attacks targeting specific users worldwide, including journalists, activists, politicians, and diplomats. Mercenary spyware attacks differ significantly from regular cybercriminal activity. These attacks cost millions of dollars and target only a small number of individuals based on their profession or status. The attacks are often linked to state The post Apple Warns of Mercenary Spyware Attacks Targeting User Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A groundbreaking vulnerability has emerged in the newly released K2 Think AI model from UAE’s Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in collaboration with G42. Security researchers have successfully jailbroken the advanced reasoning system within hours of its public release, exposing a critical flaw that transforms the model’s transparency features into an attack The post New K2 Think AI Model Falls to Jailbreak in Record Time appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The latest ToneShell variant introduces a notable advancement in its persistence strategy by leveraging the Windows Task Scheduler COM service. This lightweight backdoor, traditionally delivered through DLL sideloading techniques, now incorporates enhanced persistence mechanisms and sophisticated anti-analysis capabilities that pose significant challenges to security teams. Cybersecurity researchers have identified a new variant of the ToneShell The post New ToneShell Variant Uses Task Scheduler COM Service to Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Oracle has released VirtualBox 7.2.2, a critical maintenance update that addresses multiple GUI crashes and stability issues affecting users across Windows, Linux, and macOS platforms. Released on September 10, 2025, this update represents a significant improvement in the virtualization software’s reliability and user experience. Critical GUI Crash Fixes Implemented The most significant improvements in VirtualBox The post VirtualBox 7.2.2 Update Released with Fix for Guest GUI Crashes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security flaw in Daikin Security Gateway systems has been discovered that could enable attackers to bypass authentication and gain unauthorized access to industrial control systems. The vulnerability, tracked as CVE-2025-10127, affects organizations worldwide that rely on Daikin’s security infrastructure for protecting critical energy sector operations. Critical Authentication Bypass Discovered The vulnerability stems from a The post Daikin Security Gateway Vulnerability Allows Unauthorized System Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers at ETH Zurich have disclosed a critical new Spectre-based attack called VMSCAPE that exploits incomplete branch predictor isolation in virtualized cloud environments. The attack, tracked as CVE-2025-40300, affects multiple generations of AMD and Intel processors and enables malicious virtual machines to steal sensitive data from hypervisor processes. Attack Methodology and Impact VMSCAPE represents the first practical The post New VMScape Spectre-BTI Attack Targets Isolation Flaws in AMD and Intel CPUs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.