Google has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
North Korea Launches Military Research Facility to Strengthen Cyber Warfare Operations
North Korea has taken a significant step in enhancing its cyber warfare capabilities by establishing a new research center, known as Research Center 227, under the military’s Reconnaissance General Bureau (RGB). This move is part of a broader strategy to…
SvcStealer Malware Strikes, Harvesting Sensitive Data from Browsers and Applications
A new strain of malware, known as SvcStealer, has emerged as a significant threat in the cybersecurity landscape. This malware is primarily delivered through spear phishing attacks, where malicious attachments are sent via email to unsuspecting victims. The SvcStealer campaign…
Cloudflare Reveals AI Labyrinth to Counter Automated AI Attacks
Cloudflare has unveiled AI Labyrinth, an innovative platform designed to combat AI-powered bots that relentlessly crawl and scrape data from websites without permission. By employing AI-generated content, AI Labyrinth cleverly slows down and misdirects these bots, safeguarding legitimate websites while enhancing…
WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code…
China’s Baidu Compromised in Data Leak, Affecting Users
Chinese tech giant Baidu has faced severe scrutiny after allegations emerged that a top executive’s teenage daughter had accessed and shared personal details of internet users online. The incident has raised significant concerns about data privacy and security at one…
Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization
A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927. This critical flaw allows attackers to bypass security controls implemented by middleware, posing significant risks to authentication, authorization, and…
New Browser-Based RDP Tool Enables Secure Remote Access to Windows Servers
Cloudflare has introduced a groundbreaking browser-based Remote Desktop Protocol (RDP) solution. This innovative tool allows users to securely access Windows servers directly from their web browsers, eliminating the need for native RDP clients or VPNs. Cloudflare’s browser-based RDP solution is…
Hackers Use Fake Meta Emails to Steal Ad Account Credentials
A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials. The attackers initiate the phishing attempt by sending fraudulent emails disguised as…
JumpServer Flaws Allow Attackers to Bypass Authentication and Gain Full Control
JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has been found to have critical security vulnerabilities. These flaws, recently highlighted by SonarSource’s vulnerability research team, allow attackers to bypass authentication and potentially gain full control…
Researchers Reveal macOS Vulnerability Exposing System Passwords
A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. This vulnerability could potentially expose…
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily…
Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March…
Threat Actors Leverage Reddit to Spread AMOS and Lumma Stealers
In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS (Atomic Stealer) and Lumma Stealer. These malware types are specifically designed to target cryptocurrency traders by offering cracked versions of…
Albabat Ransomware Targets Windows, Linux, and macOS via GitHub Abuse
Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploiting multiple operating systems…
Over 150 US Government Database Servers Vulnerable to Internet Exposure
A recent open-source investigation has uncovered one of the largest exposures of US government data to cyber threats. More than 150 government database servers are currently exposed to the internet, leaving sensitive personal and national security information at an unprecedented…
UAT-5918 Hackers Exploit N-Day Vulnerabilities in Exposed Web and Application Servers
A recent cybersecurity threat, identified as UAT-5918, has been actively targeting entities in Taiwan, particularly those in critical infrastructure sectors such as telecommunications, healthcare, and information technology. This advanced persistent threat (APT) group is believed to be motivated by establishing…
Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now
A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. If successfully exploited, this vulnerability could allow attackers to achieve remote code execution (RCE). The cybersecurity firm GreyNoise has identified multiple IPs…
Veeam RCE Vulnerability Allows Domain Users to Hack Backup Servers
Researchers uncovered critical Remote Code Execution (RCE) vulnerabilities in the Veeam Backup & Replication solution. These vulnerabilities, which include CVE-2025-23120, stem from weaknesses in deserialization mechanisms, potentially allowing any domain user to gain SYSTEM access to Veeam backup servers. This is…
MEDUSA Ransomware Deploys Malicious ABYSSWORKER Driver to Disable EDR
In a recent analysis by Elastic Security Labs, a malicious driver known as ABYSSWORKER has been identified as a key component in the MEDUSA ransomware attack chain. This driver is specifically designed to disable endpoint detection and response (EDR) systems,…
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to…
VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique “.vanhelsing” extension…
Apple Sued in Federal Court for Delaying Apple Intelligence Features
Tech giant Apple has found itself at the center of a new legal battle after a class-action lawsuit was filed in the U.S. District Court in San Jose. The suit accuses Apple of false advertising and unfair competition related to…
Caido v0.47.0 Released – A Web Pentesting Tool Alternative to Burp Suite
Caido has unveiled version 0.47.0 of its web pentesting tool, cementing its position as a robust alternative to Burp Suite. This release is marked by several key enhancements that improve user experience and expand the tool’s capabilities in web application…
Infosys to Pay $17.5M in Settlement for 2023 Data Breach
Infosys, a leading IT services company, has announced that it has reached an agreement in principle to settle a series of class action lawsuits related to a data breach incident involving its subsidiary, Infosys McCamish Systems LLC. The proposed settlement…
Tomcat RCE Vulnerability Exploited in the Wild – Mitigation Steps Outlined
A recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote code execution (RCE), severe information leakage, and malicious content injection. This vulnerability was publicly disclosed on…
CISA Issues Five Advisories on Industrial Control System Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories related to vulnerabilities and exploits affecting Industrial Control Systems (ICS). These advisories highlight significant security issues across various industrial equipment and software, underscoring users’ and administrators’ need for immediate…
Cloudflare Shifts to HTTPS-Only for APIs, Closing All HTTP Ports
Cloudflare has announced that it will shift its APIs to HTTPS-only connections, effectively closing all HTTP ports. This strategic decision aims to protect sensitive data from being intercepted by unauthorized parties during transmission. The change marks a crucial step forward…
New Arcane Stealer Spreads via YouTube, Stealing VPN and Browser Login Credentials
A new malware campaign has been uncovered, involving a sophisticated stealer known as Arcane, which is distributed through YouTube videos promoting game cheats. This campaign highlights the evolving tactics of cybercriminals, who continue to exploit popular platforms to spread malware…
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
Symantec’s Threat Hunter team has identified a sophisticated custom backdoor named “Betruger” linked to a RansomHub affiliate. This newly discovered backdoor appears to be purpose-built for ransomware operations, consolidating multiple attack functions into a single tool, likely to minimize the…
New Steganographic Malware Hides in JPEG Files to Spread Infostealers
A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files. This sophisticated campaign involves luring users into downloading obfuscated JPEG files that contain hidden malicious scripts and executables. Once these files…
North Korean IT Workers Exploit GitHub to Launch Global Cyberattacks
A recent investigation by cybersecurity firm Nisos has uncovered a coordinated effort by North Korean IT workers to exploit GitHub for creating fake personas, enabling them to secure remote jobs in Japan and the United States. These individuals, posing as…
Dragon RaaS Leading “Five Families” Crimeware with New Initial Access & Exploitation Tactics
Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has emerged as a significant player in the “Five Families” crimeware syndicate. This group, which includes ThreatSec, GhostSec, Blackforums, and SiegedSec, has been making waves since its…
Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Surge by 130%
Menlo Security, a leader in Secure Enterprise Browsers, has released its annual State of Browser Security Report, revealing a sharp rise in browser-based cyberattacks. The report highlights a 130% surge in zero-hour phishing attacks and a significant increase in the…
Cisco Smart Licensing Utility Vulnerabilities Under Hacker Exploitation
Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, were disclosed by Cisco in September. The first vulnerability involves a static credential issue,…
Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide
A significant malware operation, dubbed “DollyWay,” has been uncovered by GoDaddy Security researchers, revealing a sophisticated campaign that has compromised over 20,000 WordPress sites globally. This operation, which began in 2016, leverages a distributed network of compromised WordPress sites as…
Babuk2 Ransomware Issues Fake Extortion Demands Using Data from Old Breaches
Recent investigations by the Halcyon RISE Team have uncovered a concerning trend in the ransomware landscape: the Babuk2 group is issuing extortion demands based on false claims. Despite announcing numerous attacks, there is no third-party confirmation or evidence from victims…
IBM Warns of AIX Vulnerabilities Allowing Arbitrary Command Execution
IBM has recently issued a critical security warning regarding vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands. The vulnerabilities, identified as CVE-2024-56346 and CVE-2024-56347, were discovered in the IBM AIX nimesis NIM master…
Dell Alerts on Critical Secure Connect Gateway Vulnerabilities
Dell has issued several critical security alerts regarding vulnerabilities in its Secure Connect Gateway (SCG) products. These vulnerabilities pose significant risks to users, including potential data breaches and unauthorized access to sensitive information. This article will delve into the details…
Signal Messenger Exploited in Targeted Attacks on Defense Industry Employees
The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a series of targeted cyberattacks against employees of the defense-industrial complex and members of the Defense Forces of Ukraine. These attacks have been ongoing since at least the summer of…
Chinese “Salt Typhoon” Hackers Exploit Exchange Vulnerabilities to Target Organizations
The Chinese Advanced Persistent Threat (APT) group known as Salt Typhoon, also referred to as FamousSparrow, GhostEmperor, Earth Estries, and UNC2286, has been actively targeting critical sectors worldwide. This group has been particularly focused on telecommunications and government entities across…
CISA Alerts on Edimax IP Camera OS Command Injection Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability found in Edimax IC-7100 IP cameras. The alert centers on an OS command injection vulnerability due to improper input sanitization, which allows malicious actors…
Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange
The Babuk ransomware group has recently claimed responsibility for a sophisticated cyberattack on Orange, a leading global telecommunications company. According to an exclusive interview with SuspectFile.com, Babuk exploited a zero-day vulnerability in Orange’s systems to gain initial access to the…
CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in the NAKIVO Backup and Replication software, known as CVE-2024-48248. This vulnerability allows attackers to exploit an absolute path traversal flaw, enabling them to…
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I Been Pwned, the breach, which occurred on June 24, 2024,…
Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code
A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users. This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users. The severity of this issue is underscored by…
Kali Linux 2025.1a Released: New Tools and Desktop Environment Upgrades
Kali Linux, the renowned cybersecurity-focused Linux distribution, has just ushered in the new year with the release of Kali Linux 2025.1a. This update builds upon the existing features, offering myriad enhancements and improvements designed to give users a streamlined experience…
Linux Kernel Vulnerability Allows Attackers to Escalate Privileges via Out-of-Bounds Write
A recently discovered vulnerability in the Linux kernel, identified as CVE-2025-0927, poses a significant threat to system security. This flaw, present in the HFS+ file system driver, allows attackers to exploit an out-of-bounds write condition, potentially leading to local privilege…
Hackers Use RMM Tools to Maintain Persistence and Navigate Networks Undetected
Threat actors have increasingly been leveraging legitimate remote monitoring and management (RMM) software to infiltrate and navigate through networks undetected. RMM tools, such as AnyDesk, Atera Agent, MeshAgent, NetSupport Manager, Quick Assist, ScreenConnect, Splashtop, and TeamViewer, are widely used by…
mySCADA myPRO Manager RCE Vulnerabilities Allow Remote Attackers to Take Control of ICS Devices
In a significant discovery, PRODAFT’s security research team has identified two critical vulnerabilities in the mySCADA myPRO Manager, a widely used Supervisory Control and Data Acquisition (SCADA) management solution. These vulnerabilities, if exploited, could grant unauthorized access to industrial control…
41% of Successful Logins Across Websites Involve Compromised Passwords
A recent analysis by Cloudflare reveals a concerning trend in online security: nearly 41% of successful logins across websites involve compromised passwords. This issue is exacerbated by the widespread practice of password reuse among users. Despite growing awareness about online…
Microsoft Windows NTLM File Explorer Vulnerability Exploited in the Wild – PoC Released
A significant vulnerability in Microsoft Windows File Explorer, identified as CVE-2025-24071, has been discovered and is being actively exploited in the wild. This vulnerability allows attackers to capture NTLM hashes, potentially leading to network spoofing attacks and credential theft. The…
VPN Vulnerabilities Become a Primary Weapon for Threat Actors Targeting Organizations
In recent years, VPN vulnerabilities have emerged as a critical threat vector for organizations worldwide. Threat actors, including both cybercriminal groups and state-sponsored entities, are increasingly exploiting these vulnerabilities to gain unauthorized access to sensitive networks. Two notable vulnerabilities, CVE-2018-13379…
Threat Actors Steal 3.2 Billion Login Credentials and Infect 23 Million Devices Worldwide
In a stark revelation of the escalating cyber threat landscape, Flashpoint’s latest intelligence report highlights the alarming rise in compromised credentials and malware infections. In 2024, threat actors managed to steal an unprecedented 3.2 billion login credentials, marking a 33%…
Threat Actors Leverage Legacy Drivers to Circumvent TLS Certificate Validation
Threat actors have recently been exploiting legacy drivers to bypass certificate validation, leveraging a technique known as “Legacy Driver Exploitation.” This method involves using vulnerable drivers to evade security measures and distribute malware, as highlighted in a recent security advisory…
mySCADA myPRO RCE Vulnerabilities Expose ICS Devices to Remote Control
Supervisory Control and Data Acquisition (SCADA) systems play a pivotal role in managing critical infrastructure across sectors like energy, manufacturing, and more. However, this digital transformation also brings with it a heightened vulnerability to cyber threats. Recent research by our…
Attackers Hide Malicious Word Files Inside PDFs to Evade Detection
A newly identified cybersecurity threat involves attackers embedding malicious Word files within PDFs to deceive detection systems. This technique, confirmed by JPCERT/CC, exploits the fact that files created using MalDoc in PDF can be opened in Microsoft Word, even though…
Sante PACS Server Flaws Allow Remote Attackers to Download Arbitrary Files
Recently, several critical vulnerabilities were discovered in Sante PACS Server version 4.1.0, leaving it susceptible to severe security breaches. These vulnerabilities, identified by CVE-2025-2263, CVE-2025-2264, CVE-2025-2265, and CVE-2025-2284, expose the server to potential attacks that can lead to unauthorized access, data breaches, and denial-of-service…
Cloudflare Introduces Cloudforce One to Detect and Analyze IoCs, IPs, and Domains
Cloudflare, a leading web infrastructure and security company, has launched the Cloudforce One threat events platform, designed to revolutionize how security professionals detect and analyze indicators of compromise (IOCs), including IP addresses, domains, and other critical metadata. The proliferation of…
US Sperm Donor Giant California Cryobank Hit by Data Breach
California Cryobank, a leading sperm donation facility based in Los Angeles, has been impacted by a significant data breach, potentially affecting both its clients and donors. The reported breach involved personal identifiers, which could include names in combination with…
Hackers Exploit Azure App Proxy Pre-Authentication to Access Private Networks
Hackers are exploiting a vulnerability in Microsoft’s Azure App Proxy by manipulating the pre-authentication settings to gain unauthorized access to private networks. The Azure App Proxy is designed to securely publish on-premises applications to the public internet without requiring firewall…
New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware
A threat intelligence researcher from Cato CTRL, part of Cato Networks, has successfully exploited a vulnerability in three leading generative AI (GenAI) models: OpenAI’s ChatGPT, Microsoft’s Copilot, and DeepSeek. The researcher developed a novel Large Language Model (LLM) jailbreak technique,…
Hackers Exploit Cobalt Strike, SQLMap, and Other Tools to Target Web Applications
A recent cybersecurity incident has highlighted the sophisticated methods used by hackers to target web applications, particularly in South Korea. The attackers leveraged a combination of tools, including Cobalt Strike, SQLMap, dirsearch, and Web-SurvivalScan, to exploit vulnerabilities and gain unauthorized…
Severe AMI BMC Vulnerability Enables Remote Authentication Bypass by Attackers
A critical vulnerability has been discovered in AMI’s MegaRAC software, which is used in Baseboard Management Controllers (BMCs) across various server hardware. This vulnerability, identified as CVE-2024-54085, allows attackers to bypass authentication remotely, posing a significant risk to cloud infrastructure…
11 State-Sponsored Threat Actors Exploit 8-Year-Old Windows Shortcut Flaw
Cybersecurity researchers have discovered that multiple state-sponsored threat actors have been exploiting an eight-year-old vulnerability in Windows shortcut files. This security flaw, identified as ZDI-CAN-25373, allows malicious actors to embed hidden commands within .lnk files, which can execute when opened,…
MirrorFace Hackers Modify AsyncRAT Execution for Stealthy Deployment in Windows Sandbox
In a significant development, the China-aligned advanced persistent threat (APT) group known as MirrorFace has been observed employing sophisticated tactics to enhance the stealthiness of its attacks. Recently, MirrorFace modified the execution of AsyncRAT, a publicly available remote access trojan…
CISA Warns of Supply-Chain Attack Exploiting GitHub Action Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical supply-chain attack affecting a widely used third-party GitHub Action: tj-actions/changed-files. This action, exploited under CVE-2025-30066, is designed to identify changes in files during pull requests or…
Advanced Cyber Attack Exploits Booking Websites to Deploy LummaStealer Malware
A sophisticated cyberattack has been uncovered, targeting booking websites to spread the LummaStealer malware. This campaign leverages fake CAPTCHA prompts and social engineering techniques to deceive users into executing malicious commands on their systems. LummaStealer, an info-stealer malware operating under…
Critical Synology Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical vulnerability affecting Synology’s DiskStation Manager (DSM) has been disclosed, allowing remote attackers to execute arbitrary code on vulnerable systems. This severe issue, identified as CVE-2024-10441, has been reported in multiple DSM versions, including DSM 6.2, 7.1, 7.2, and…
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like…
CISA Issues Security Warning on Fortinet FortiOS Authentication Bypass Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical security warning regarding a severe vulnerability in Fortinet’s FortiOS and FortiProxy systems. Specifically, CVE-2025-24472, an authentication bypass vulnerability, poses a significant threat as it allows remote attackers to gain super-admin…
New ClearFake Variant Uses Fake reCAPTCHA to Deploy Malicious PowerShell Code
A recent variant of the ClearFake malware framework has been identified, leveraging fake reCAPTCHA and Cloudflare Turnstile verifications to deceive users into executing malicious PowerShell code. This evolution marks a significant shift in how ClearFake exploits Web3 capabilities to deliver…
MirrorGuard: Adaptive Defense Mechanism Against Jailbreak Attacks for Secure Deployments
A novel defense strategy, MirrorGuard, has been proposed to enhance the security of large language models (LLMs) against jailbreak attacks. This approach introduces a dynamic and adaptive method to detect and mitigate malicious inputs by leveraging the concept of “mirrors.”…
Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices
Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices, particularly in the era of the Internet of Things (IoT). These attacks exploit information leakages through physical parameters such as EM radiation, which is emitted by…
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts to trick users into transferring their funds to wallets controlled by attackers through a deceptive “mandatory wallet migration” scheme. How…
Hackers Exploit Hard Disk Image Files to Deploy VenomRAT
In a recent cybersecurity threat, hackers have been using virtual hard disk image files (.vhd) to distribute the VenomRAT malware, exploiting a novel technique to bypass security measures. This campaign begins with a phishing email that uses a purchase order…
New BitM Attack Enables Hackers to Hijack User Sessions in Seconds
A recent threat intelligence report highlights the emergence of a sophisticated cyberattack technique known as Browser-in-the-Middle (BitM), which allows hackers to hijack user sessions across various web applications in a matter of seconds. This method exploits the inherent functionalities of…
Microsoft Warns of StilachiRAT Stealing Remote Desktop Protocol Session Data
Microsoft has recently issued a warning about a novel remote access trojan (RAT) known as StilachiRAT, which poses significant threats to system security by stealing sensitive data, including credentials and cryptocurrency information. This sophisticated malware was discovered by Microsoft Incident…
DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide
The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a “Document Viewing Authentication App” to deceive users into installing it on their Android devices. This sophisticated malware is suspected to…
Squid Werewolf Mimics Recruiters to Target Job Seekers and Steal Personal Data
In a sophisticated phishing campaign uncovered by the BI.ZONE Threat Intelligence team, the Squid Werewolf group, also known as APT37, has been impersonating recruiters to target key employees in various organizations. This espionage cluster uses fake job opportunities to lure…
Hackers Use DLL Side-Loading to Deploy Malicious Python Code
A recent discovery by Xavier Mertens, a senior handler at the Internet Storm Center, has highlighted a sophisticated attack where hackers utilize DLL side-loading to deploy malicious Python code. This technique involves tricking an application into loading a malicious DLL…
Bybit Hack: Details of Sophisticated Multi-Stage Attack Uncovered
The Bybit hack, which occurred on February 21, 2025, has been extensively analyzed by multiple cybersecurity teams, including Sygnia. This attack exposed significant security vulnerabilities across various domains, including macOS malware, AWS cloud compromise, application security, and smart contract security…
Google’s Parent Alphabet in Talks to Acquire Cybersecurity Firm Wiz for $30 Billion
Alphabet, the parent company of Google, is reportedly in discussions to acquire Wiz, a leading cybersecurity firm, for a staggering $30 billion. This potential acquisition highlights Alphabet’s strategic expansion into the cybersecurity sector, which has become increasingly crucial for businesses…
Amazon Ends Local Voice Processing, Transitions Fully to Cloud
Amazon announced that it will discontinue the local voice processing feature for its AI assistant Alexa. This change, set to take effect on March 28, means that all voice commands will be processed in the cloud instead of on the…
Cloudflare Adopts Post-Quantum Cryptography to Combat Future Quantum Attacks
Cloudflare has announced the implementation of post-quantum cryptography across its services. This advancement is part of a broader effort to protect customers from potential quantum attacks that could compromise conventional cryptographic systems in the future. Quantum computers, which are rapidly…
Hackers Exploit SSRF Vulnerability to Attack OpenAI’s ChatGPT Infrastructure
A critical cybersecurity alert has been issued following the active exploitation of a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. According to the Veriti report, the vulnerability, identified as CVE-2024-27564, has been weaponized by attackers in real-world attacks,…
TruffleHog: New Burp Suite Extension for Secret Scanning Released
A new extension for Burp Suite has been released, integrating the powerful secret scanning capabilities of TruffleHog. This innovative integration aims to enhance the detection of live, exploitable credentials within HTTP traffic, making it a valuable tool for security professionals…
Top 10 Best Penetration Testing Companies in 2025
Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by identifying vulnerabilities in their systems, applications, and networks. These firms simulate real-world cyberattacks to uncover weaknesses that could be exploited by malicious actors, helping businesses…
Crypto Platform OKX Suspends Tool Abused by North Korean Hackers
Cryptocurrency platform OKX has announced the temporary suspension of its Decentralized Exchange (DEX) aggregator tool. This decision comes on the heels of coordinated attacks by certain media outlets and unsuccessful attempts by the notorious Lazarus Group—a hacking entity linked to…
Cobalt Strike 4.11 Released with Built-In Evasion Features for Red Teams
Cobalt Strike, a highly advanced threat emulation tool, has released version 4.11, packing a robust suite of features designed to enhance evasion capabilities for red teams. This latest update introduces several novel technologies and improvements, solidifying Cobalt Strike’s position as…
PoC Exploit Released for Linux Kernel Use-After-Free Vulnerability
A proof-of-concept (PoC) exploit has been released for a use-after-free vulnerability in the Linux kernel, identified as CVE-2024-36904. This vulnerability is located in the TCP subsystem of the Linux kernel and is caused by the inet_twsk_hashdance() function inserting the time-wait socket into…
Denmark Issues Warning on Major Cyber Attacks Targeting Telecom Sector
Denmark has announced a heightened alert status for the telecommunications sector due to an increased threat from cyber attacks. According to a recent threat assessment by the Danish Agency for Social Security, the risk level for cyber espionage against the…
Google Launches Open-Source OSV-Scanner for Detecting Security Vulnerabilities
Google has announced the launch of OSV-Scanner V2, an open-source tool designed to enhance vulnerability scanning and remediation across various software ecosystems. This update follows the recent release of OSV-SCALIBR, another powerful tool in the OSV suite, which together form a comprehensive…
SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware
SocGholish, a sophisticated malware-as-a-service (MaaS) framework, has been identified as a key enabler in the distribution of RansomHub ransomware. This malicious framework exploits compromised websites by injecting them with obfuscated JavaScript loaders, which redirect users to fake browser update notifications.…
MassJacker Clipper Malware Targets Users Installing Pirated Software
A recent investigation has uncovered previously unknown cryptojacking malware, dubbed MassJacker, which primarily targets users who download pirated software from sites like pesktop.com. This malware operates by replacing cryptocurrency wallet addresses copied by users with those belonging to the attackers,…
Beware! Malware Hidden in Free Word-to-PDF Converters
The FBI has issued a warning about a growing threat involving free file conversion tools, which are being used to spread malware. This scam, described as “rampant” by the FBI’s Denver Field Office, targets users who seek online tools to…
Supply Chain Attack Targets 23,000 GitHub Repositories
A critical security incident has been uncovered involving the popular GitHub Action tj-actions/changed-files, which is used in over 23,000 repositories. The attack involves a malicious modification of the Action’s code, leading to the exposure of CI/CD secrets in GitHub Actions…
Hackers Rapidly Adopt ClickFix Technique for Sophisticated Attacks
In recent months, a sophisticated social engineering technique known as ClickFix has gained significant traction among cybercriminals and nation-state-sponsored groups. This method exploits human psychology by presenting users with fake prompts that appear to resolve a non-existent issue, effectively bypassing…
Wazuh SIEM Vulnerability Enables Remote Malicious Code Execution
A critical vulnerability, identified as CVE-2025-24016, has been discovered in the Wazuh Security Information and Event Management (SIEM) platform. This vulnerability affects versions 4.4.0 to 4.9.0 and allows attackers with API access to execute arbitrary Python code remotely, potentially leading…
Kentico Xperience CMS Vulnerability Enables Remote Code Execution
In recent security research, vulnerabilities in the Kentico Xperience CMS have come to light, highlighting significant risks for users who rely on this Content Management System (CMS). Specifically, two primary issues were identified: an Authentication Bypass vulnerability and a Post-Authentication Remote Code Execution…