Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks
K7 Labs investigated the Cmimai Stealer, a Visual Basic Script (VBS)-based infostealer that surfaced in June 2025 and uses PowerShell and native Windows scripting to…
Category: GBHackers
Smart Bus System Flaw Allows Hackers to Remotely Track and Control Vehicles
A critical security vulnerability in smart bus systems has been discovered that enables hackers to remotely track vehicle locations and potentially take control of essential…
CastleLoader Malware Hits 400+ Devices via Cloudflare-Themed ClickFix Phishing Attack
CastleLoader, a sophisticated malware loader, has compromised over 400 devices since its debut in early 2025, with cybersecurity firm PRODAFT reporting 469 infections out of…
Legitimate System Functions Exploited to Steal Secrets in Shared Linux Setups
Security researcher Ionuț Cernica revealed how commonplace Linux utilities can be weaponized to siphon sensitive data in multi-tenant environments. His talk, “Silent Leaks: Harvesting Secrets…
Multiple Critical Flaws Hit Zero Trust Products from Check Point, Zscaler, and Netskope
Security researchers at AmberWolf have uncovered critical vulnerabilities in leading Zero Trust Network Access (ZTNA) solutions from major cybersecurity vendors, potentially exposing thousands of organizations…
Malware Campaign Masquerades as Tesla in Poisoned Google Ads
A malware operation has surfaced in the context of a complex cyber threat landscape, using tainted Google Ads to pose as Tesla and trick consumers…
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server…
Linux Kernel Vulnerability Allows Attackers to Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a…
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract…
Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability
The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on the public internet, vulnerable to…
A Cobalt Strike Like Tool That Turns Chrome into C2 Platform
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone — a Chromium-based browser Command & Control (C2) framework capable of replacing…
CastleBot MaaS Unleashes Diverse Payloads in Coordinated Ransomware Attacks
IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a spectrum of payloads ranging from…