GBhackers

Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services

Node.js has released critical security updates addressing three vulnerabilities—CVE-2025-23166, CVE-2025-23167, and CVE-2025-23165—that could allow attackers to crash server processes and disrupt services.

Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers

Katz Stealer is a newly identified infostealer malware targeting over 78 Chromium and Gecko-based browser variants. It is capable of extracting sensitive data including credentials, cookies, CVV2 codes, OAuth tokens, and cryptocurrency wallets.

Critical Heap Overflow Vulnerabilities in Windows RDP and RD Gateway Allow Remote Code Execution

Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network.

F5 BIG-IP Vulnerability Allows Remote Command Execution

A critical command injection vulnerability (CVE-2025-31644) has been identified in F5 BIG-IP systems operating in Appliance mode. The flaw allows authenticated administrators to execute arbitrary system commands, bypassing security boundaries.

“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A newly identified .NET-based infostealer named PupkinStealer has emerged as a significant threat targeting Windows systems. First observed in April 2025, this malware is designed to harvest sensitive data.

New Attack Exploits X/Twitter Ad URL Feature to Deceive Users

A newly uncovered scam campaign exploits X/Twitter’s ad URL preview feature to deceive users into visiting fraudulent cryptocurrency sites. By manipulating how metadata is fetched for preview cards, attackers display trusted domains.

Cybercriminals Hide Undetectable Ransomware Inside JPG Images

A new ransomware delivery technique has emerged, embedding malicious code within JPEG images to execute fully undetectable (FUD) ransomware. This method bypasses traditional antivirus systems and exploits user trust in common file types.

Phishing Scams on the Rise with Sophisticated PhaaS Toolkits and Realistic Fake Pages

The latest wave of attacks leverages PhaaS toolkits that automate the creation of dynamic phishing pages, eliminating the need for manual cloning of websites. These toolkits allow attackers to generate real-time replicas of legitimate websites.

Hackers Exploit Windows Remote Management to Evade Detection in AD Networks

A new wave of cyberattacks is exploiting WinRM to conduct stealthy lateral movement within AD environments. By leveraging this legitimate administrative tool, attackers evade detection and blend into normal network activity.

Microsoft Bookings Vulnerability Allows Unauthorized Changes to Meeting Details

A critical input validation vulnerability has been discovered in Microsoft Bookings, a scheduling tool integrated with Microsoft 365. The flaw allows attackers to inject arbitrary HTML into appointment fields.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags