GBHackers On Security

In today’s fast-paced software development world, where applications are released at an unprecedented rate, ensuring their security is more critical than ever. Dynamic Application Security Testing (DAST) has emerged as a fundamental practice for modern development teams. DAST tools, often referred to as “black box” scanners, test a running application from the outside, simulating the The post Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RevengeHotels, also known as TA558, has escalated its long-standing cybercrime campaign by incorporating artificial intelligence into its infection chains, deploying the potent VenomRAT malware against Windows users. Active since 2015, this threat actor has traditionally targeted hotel guests and travelers, stealing payment card data through phishing emails. Recent campaigns, however, demonstrate a marked shift: AI-generated The post Windows Users Hit by VenomRAT in AI-Driven RevengeHotels Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In an increasingly complex digital landscape, where cloud migrations, remote work, and a distributed workforce have become the norm, the traditional security perimeter has all but disappeared. The most valuable and vulnerable assets of any organization are the privileged accounts those with elevated permissions to access critical systems and sensitive data. Think of accounts for The post Top 10 Best Privileged Access Management (PAM) Companies in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and produce harmful code. Indirect prompt injection attacks exploit context-attachment features by contaminating public data sources with hidden instructions. When unsuspecting developers feed The post Threat Actors and Code Assistants: The Hidden Risks of Backdoor Injections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms. The vulnerability, disclosed during the TyphoonPWN 2025 LG Category competition where it won first place, affects LG WebOS 43UT8050 and potentially other versions of the smart TV platform. Vulnerability Mechanics The post LG WebOS TV Vulnerability Enables Full Device Takeover by Bypassing Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell and the Covenant framework. In early 2025, a trusted partner supplied samples that did not match any known infection chain, prompting a joint investigation. On 21 June 2025, CERT-UA published The post APT28 Exploits Signal Messenger to Deploy eardShell and Covenant Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.” Developers and organizations using these packages should take immediate action to safeguard credentials and prevent unauthorized code execution. The Shai-Halud attack first drew attention when it infiltrated tinycolor and over 40 The post CrowdStrike npm Packages Hit by Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers. The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial services firm is responsible for the unauthorized access, raising serious questions about insider threats and The post FinWise Data Breach: 700K Customer Records Accessed by Ex-Employee appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7.4 million unique email addresses. Potentially millions of customers around the world may now be at The post Millions of Customer Records Stolen in Cyberattack on Gucci, Balenciaga, and Alexander McQueen appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As more companies move their critical systems and data to Amazon Web Services (AWS), attackers are finding new ways to stay hidden inside cloud environments. AWSDoor is a tool designed to simplify and automate persistence techniques in AWS. Persistence lets an attacker maintain access even after initial breach remedies IAM-Based Persistence AWS Identity and Access The post AWSDoor: New Persistence Technique Attackers Use to Hide in AWS Cloud Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.