Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Espressif Systems Flaws Allow Hackers to Execute Arbitrary Code

A series of vulnerabilities has been discovered in Espressif Systems’ ESP32 devices, specifically affecting the BluFi module within the ESP-IDF framework. BluFi is designed to simplify WiFi configuration using a Bluetooth interface. These flaws, identified by the NCC Group, enable…

AI Operator Agents Helping Hackers Generate Malicious Code

Symantec’s Threat Hunter Team has demonstrated how AI agents like OpenAI’s Operator can now perform end-to-end phishing attacks with minimal human intervention, marking a significant evolution in AI-enabled threats. A year ago, Large Language Model (LLM) AIs were primarily passive…

Researchers Remotely Hack Commercial Trucks & Buses to Unlock Them

Security researchers have issued an urgent warning that commercial trucks and buses are significantly more vulnerable to cybersecurity attacks than passenger vehicles, potentially leading to catastrophic consequences. According to a comprehensive analysis by security experts, trucks represent more attractive targets…

Zoom Team Chat Decrypted, Exposing User Activity Data

Cybersecurity experts have successfully decrypted Zoom Team Chat data, revealing a wealth of information about user activities. This achievement underscores the importance of digital forensics in uncovering hidden digital evidence. The focus on Zoom Team Chat artifacts has shown that,…

Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers

A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat, identified as CVE-2025-24813. This vulnerability allows for remote code execution, potentially allowing hackers to hijack servers running Apache Tomcat. The exploitation of this vulnerability is…

Adobe Acrobat Vulnerabilities Enable Remote Code Execution

A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these…

Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers

Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack utilizes multiple stages of obfuscation, including encrypted payloads and COM object manipulation, to ultimately deploy miners for various cryptocurrencies…

AWS SNS Exploited for Data Exfiltration and Phishing Attacks

Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and users. While its scalability and integration capabilities make it a powerful tool for organizations, its misuse by adversaries for malicious…

New Context Compliance Exploit Jailbreaks Major AI Models

Microsoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most leading AI systems. In a technical blog post published on March 13, 2025, Microsoft’s Mark Russinovich detailed the “Context Compliance Attack” (CCA), which exploits the…

Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks

Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks.  The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability…

CISA Releases Security Advisory on 13 Industrial Control System Threats

CISA issued thirteen Industrial Control Systems (ICS) advisories, highlighting current security issues and vulnerabilities in various systems. These advisories are crucial for maintaining the security and integrity of industrial operations. The affected products primarily include several Siemens systems, along with…

New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft

Threat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms to compromise user credentials. These attacks combine advanced brand impersonation techniques with malware proliferation, focusing on Microsoft 365-themed credential phishing…

Hackers Exploiting JSPSpy To Manage Malicious Webshell Networks

Cybersecurity researchers have recently identified a cluster of JSPSpy web shell servers featuring an unexpected addition, Filebroser, a rebranded version of the open-source File Browser file management tool. This discovery sheds light on how attackers continue to leverage web shells…

Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks

Hackers have been targeting Microsoft Copilot, a newly launched Generative AI assistant, to carry out sophisticated phishing attacks. This campaign highlights the risks associated with the widespread adoption of Microsoft services and the challenges that come with introducing new technologies…

New DCRat Campaign Uses YouTube Videos to Target Users

A new campaign involving the DCRat backdoor has recently been uncovered, leveraging YouTube as a primary distribution channel. Since the beginning of the year, attackers have been using the popular video-sharing platform to target users by creating fake or stolen…

Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor

Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers. Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks‘ routers, attributing the…

CISA Issues Advisory on Windows NTFS Flaw Enabling Local Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a significant vulnerability in the Microsoft Windows New Technology File System (NTFS). This security flaw, identified as CVE-2025-24993, involves a heap-based buffer overflow vulnerability. The vulnerability could…

CISA Issues Security Alert on Windows NTFS Exploit Risk

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a recently discovered vulnerability in Microsoft’s Windows New Technology File System (NTFS).  Identified as CVE-2025-24991, this security flaw could potentially lead to unauthorized access to sensitive data…

CISA Warns of Microsoft Windows Win32 Kernel Subsystem Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability affecting the Microsoft Windows Win32 kernel subsystem. Identified as CVE-2025-24983, this use-after-free vulnerability in the Win32k component could potentially allow an authorized attacker to locally elevate privileges. The vulnerability…

DCRat Malware Spreading via YouTube to Steal Login Credentials

Cybersecurity researchers have identified a renewed wave of attacks involving the Dark Crystal RAT (DCRat), a dangerous remote access Trojan that has resurfaced through a Malware-as-a-Service (MaaS) model. Attackers are actively targeting gamers by distributing malicious software disguised as gaming…

CISA Warns of Windows NTFS Vulnerability Exploited for Data Theft

The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability in Microsoft Windows’ New Technology File System (NTFS). The vulnerability, designated as CVE-2025-24984, pertains to an information disclosure issue that could potentially allow attackers to access sensitive data stored…

Zoom Client Security Flaws Could Lead to Data Breaches

Recent security bulletins from Zoom have highlighted several high-severity vulnerabilities in their client software, raising concerns about potential data breaches for users. The latest security updates, issued on March 11, 2025, address multiple critical issues that could impact the privacy…

Apache Camel Vulnerability Allows Attackers to Inject Arbitrary Headers

A newly disclosed security vulnerability in Apache Camel, tracked as CVE-2025-27636, has raised alarms across the cybersecurity community. The flaw allows attackers to inject arbitrary headers into Camel Exec component configurations, potentially enabling remote code execution (RCE). The vulnerability impacts several…

AI-Generated Fake GitHub Repositories Steal Login Credentials

A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into…

Google Warns Chromecast Owners Against Factory Reset

Google has issued a warning to Chromecast owners regarding the potential risks of performing a factory reset on their devices. This advisory comes as users have reported complications with device authentication after restoring their Chromecasts to factory settings. The warning…

“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack

Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as “Eleven11bot.” This new threat, discovered by Nokia’s Deepfield Emergency Response Team (ERT), shared in LinkedIn, has compromised a staggering 30,000 network devices, predominantly webcams and Network Video Recorders…

Hackers Compromise Windows Systems Using 5000+ Malicious Packages

A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows…

Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials

North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded…

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.…

SAP Security Update Released to Fix Multiple Vulnerabilities

SAP announced 21 new Security Notes and updates to 3 previously released notes on its latest Security Patch Day. This release addresses critical vulnerabilities within SAP products, underscoring the company’s commitment to safeguarding enterprise software. SAP strongly recommends customers prioritize…

Apache Tomcat Flaw Could Allow RCE Attacks on Servers

Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years. Some critical issues put servers at risk of remote code execution (RCE) and other attacks. These vulnerabilities highlight the importance of keeping software…

Apple iOS 18.4 Beta 3 Released – What’s New!

Apple has rolled out iOS 18.4 Beta 3, available to developers as of March 10, 2025, with the build number 22E5222f. This release is part of the ongoing beta testing phase, with the final version anticipated in early April 2025.…

Researcher Hacks Embedded Devices to Uncover Firmware Secrets

In a recent exploration of embedded device hacking, a researcher demonstrated how to extract firmware from flash memory using the flashrom tool. This process is crucial for understanding device operation and identifying potential vulnerabilities. However, it involves risks that can…

Threat Actors Exploit EncryptHub for Multi-Stage Malware Attacks

EncryptHub, a rising cybercriminal entity, has been under scrutiny by multiple threat intelligence teams, including Outpost24’s KrakenLabs. Recent investigations have uncovered previously unseen aspects of EncryptHub’s infrastructure and tactics, revealing a sophisticated multi-stage malware campaign. The threat actor’s operational security…

Critical Vulnerabilities in Moxa Switches Enable Unauthorized Access

A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines. This security flaw involves an authorization logic disclosure that can be exploited to bypass authentication mechanisms, allowing…

Cobalt Strike Exploitation by Hackers Drops, Report Reveals

A collaborative initiative involving Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) has reported a major drop in the use of unauthorized versions of the cyber tool Cobalt Strike by hackers. Since the…

WinDbg Vulnerability Allows Attackers to Execute Remote Code

Microsoft recently disclosed a critical vulnerability impacting its debugging tool, WinDbg, and associated .NET packages. Tracked CVE-2025-24043, this flaw allows remote code execution (RCE) due to improper cryptographic signature verification in the SOS debugging extension. According to Github’s Post, Developers…