CoinDCX Hack Leads to $44.2 Million Loss
Major Indian cryptocurrency exchange CoinDCX has confirmed a significant security breach that resulted in approximately $44 million in losses, though company executives maintain that customer…
Category: GBHackers
Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tracked…
Microsoft AppLocker Flaw Lets Malicious Apps Bypass Security Restrictions
Security researchers at Varonis Threat Labs have identified a subtle but significant vulnerability in Microsoft’s AppLocker security feature that could allow malicious applications to bypass…
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as…
CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being…
CrushFTP 0-Day Vulnerability Actively Exploited to Breach Servers
A critical zero-day vulnerability in CrushFTP servers is being actively exploited by threat actors to compromise systems worldwide. The vulnerability, designated CVE-2025-54309, was first observed…
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms…
SharePoint 0-Day RCE Flaw Actively Exploited for Full Server Takeover
A devastating new SharePoint vulnerability is being actively exploited in large-scale attacks worldwide, enabling attackers to gain complete control of on-premise servers without authentication. Security…
New Surge of Crypto-Jacking Hits Over 3,500 Websites
Cybersecurity experts at cside have discovered a clever campaign that infected over 3,500 websites with nefarious JavaScript miners, marking a startling return to crypto-jacking techniques…
Chinese Threat Actors Operate 2,800 Malicious Domains to Distribute Windows Malware
A sophisticated threat actor, dubbed “SilverFox,” has been orchestrating a large-scale malware distribution campaign since at least June 2023, primarily during Chinese time zone working…
New Veeam-Themed Phishing Attack Uses Weaponized WAV File to Target Users
Cybercriminals are now leveraging seemingly innocuous voicemail notifications to distribute malware, with a recent campaign impersonating Veeam Software to exploit users’ trust in enterprise backup…
Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets
Infostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens, login credentials, cryptocurrency wallet information,…