Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted
Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track…
Category: GBHackers
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator”…
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit
While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology…
New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT
In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the…
Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data
A sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants…
K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges
A critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on…
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors.…
WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution
A severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of…
Marquis Data Breach Exposes Dozens of U.S. Banks and Credit Unions
A significant cybersecurity incident affecting multiple U.S. financial institutions came to light on November 26, 2025, when Marquis Software Solutions notified affected customers of a…
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Threat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks.…
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17,…
Sryxen’ Malware Uses Headless Browser Trick to Bypass Chrome Protections
A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive…