Oracle Corporation has officially confirmed a cybersecurity breach in which hackers infiltrated its systems and stole client login credentials. This marks the second security incident disclosed by the software giant in less than a month, raising alarm among customers and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Linux 6.15-rc1 Released: Better Drivers, Faster Performance
The Linux kernel community has witnessed another milestone with the release of Linux 6.15-rc1, the first release candidate for the forthcoming Linux 6.15 stable release. Announced by Linus Torvalds on April 6, 2025, in Phoronix blog, this marks the conclusion…
Hackers Abuse Windows .RDP Files to Launch Unauthorized Remote Desktop Sessions
The Google Threat Intelligence Group (GTIG) has unearthed a novel phishing campaign leveraging Windows Remote Desktop Protocol (.RDP) files to facilitate unauthorized remote access. Dubbed “Rogue RDP,” this campaign specifically targeted European government and military organizations in late 2024. The…
Morphing Meerkat: A PhaaS Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages
Originally discovered in 2020 as a Phishing-as-a-Service (PhaaS) platform, Morphing Meerkat has since evolved into a sophisticated cybercriminal tool. Initially capable of mimicking login pages for only five email services, the platform has expanded its capabilities, now encompassing over 100…
Threat Actor Leaks Data from Major Bulletproof Hosting Provider Medialand
A threat actor disclosed internal data from Medialand, a prominent bulletproof hosting (BPH) provider long associated with Yalishanda, a cybercriminal organization tracked as LARVA-34. The breach has exposed the backend systems and operational infrastructure of Medialand, which has historically facilitated…
Google Patches Actively Exploited Android 0-Day Vulnerability
Google has issued critical security updates to address a recently discovered zero-day vulnerability actively exploited in Android devices. The Android Security Bulletin for April 2025 highlights the details of multiple security vulnerabilities, including high-profile issues such as CVE-2024-53150 and CVE-2024-53197, which have reportedly…
Kellogg’s Servers Breached, Hackers Steal Sensitive Data
WK Kellogg Co., one of the world’s leading cereal and snack manufacturers, has fallen victim to a significant data breach, exposing the sensitive information of an undisclosed number of individuals. The breach, which occurred on December 7, 2024, was only…
Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums
A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums. Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it…
Apollo Router Vulnerability Enables Resource Exhaustion via Optimization Bypass
A critical vulnerability (CVE-2025-32032) has been identified in Apollo Router, a widely used GraphQL federation tool, allowing attackers to trigger resource exhaustion and denial-of-service (DoS) conditions. Rated 7.5 (High) on the CVSS v3.1 scale, the flaw impacts users running unpatched versions of…
WhatsApp for Windows Flaw Allowed Remote Code Execution via File Attachments
A critical vulnerability identified as CVE-2025-30401 was recently disclosed, highlighting a major security flaw in WhatsApp for Windows. This issue, which primarily affects desktop application versions prior to 2.2450.6, allowed attackers to exploit mismatched file metadata to execute arbitrary code on unsuspecting…
PoC Exploit Reveals SSH Key Exposure via Yelp Vulnerability on Ubuntu
Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys. The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s…
Everest Ransomware Gang’s Leak Site Hacked and Defaced
TechCrunch has uncovered a concerning development in consumer-grade spyware: a stealthy Android monitoring app that employs password-protected uninstallation to prevent removal. This app, which abuses built-in Android features like overlay permissions and device admin access, exemplifies the escalating technical sophistication…
Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK. These campaigns exploit toll payment services like FasTrak, E-ZPass, and…
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
A newly identified Linux backdoor named “Auto-Color,” first observed between November and December 2024, has been targeting government organizations and universities across North America and Asia. This malware, initially disguised as a benign color-enhancement tool, employs sophisticated tactics, techniques, and…
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing…
ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the…
Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader
In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive CAPTCHA mechanisms combined with Cloudflare’s Turnstile to distribute the LegionLoader malware. According to Netskope Threat Labs, this campaign, which started in February 2025, has affected…
Threat Actors Use Windows Screensaver Files as Malware Delivery Method
Cybersecurity experts at Symantec have uncovered a sophisticated phishing campaign targeting various sectors across multiple countries, leveraging the Windows screensaver file format (.scr) as a vector for malware distribution. This method, while seemingly innocuous, allows attackers to execute malicious code…
AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks
In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal moment, surpassing elite human red teams in the creation of effective spear phishing attacks. According to research conducted by Hoxhunt, AI agents have demonstrated a 24%…
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one…
EDR & Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections – SpyCloud Research
Deep visibility into malware-siphoned data can help close gaps in traditional defenses before they evolve into major cyber threats like ransomware and account takeover SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data…
20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom. Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated…
NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA researchers have identified the latest version of this Remote Access Trojan (RAT), revealing alarming details…
MediaTek Releases Security Patch to Fix Vulnerabilities in Mobile and IoT Devices
MediaTek, a prominent semiconductor company specializing in mobile, IoT, and multimedia chipsets, has announced the release of critical software patches to address multiple security vulnerabilities uncovered in its products. These vulnerabilities have the potential to compromise devices running MediaTek-powered chipsets,…
Malicious Python Packages Target Popular Cryptocurrency Library to Steal Sensitive Data
In a recent development, the ReversingLabs research team has uncovered a sophisticated software supply chain attack targeting developers of cryptocurrency applications. The attack involved the creation of two malicious Python packages, bitcoinlibdbfix and bitcoinlib-dev, which were uploaded to the Python…
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT)…
Python JSON Logger Vulnerability Enables Remote Code Execution – PoC Released
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency, “msgspec-python313-pre,” which could be exploited by malicious actors…
Critical pgAdmin Flaw Allows Remote Code Execution
A severe Remote Code Execution (RCE) vulnerability in pgAdmin (CVE-2025-2945), the popular PostgreSQL database management tool, has been patched after researchers discovered attackers could hijack servers through malicious API requests. The flaw affects pgAdmin versions ≤9.1 and allows authenticated users…
Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands
Dell Technologies has released a security update addressing a critical vulnerability (CVE-2025-29987) in its PowerProtect Data Domain Operating System (DD OS). The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, posing a high security risk. Users are…
Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools
A newly developed remote administration tool (RAT) named “Sakura RAT” has been released on GitHub, raising alarms for its powerful capabilities and ability to bypass modern detection systems like antivirus (AV) software and endpoint detection and response (EDR) tools. Tagged…
Bitdefender GravityZone Console PHP Vulnerability Lets Hackers Execute Arbitrary Commands
Cybersecurity firm Bitdefender has patched a severe flaw (CVE-2025-2244) in its GravityZone Console, which could allow unauthenticated attackers to execute arbitrary commands on vulnerable systems. The vulnerability, discovered by researcher Nicolas Verdier (@n1nj4sec), has a near-maximum CVSSv4 score of 9.5, highlighting…
10 Best XDR (Extended Detection & Response) Solutions 2025
As cyber threats grow increasingly sophisticated, traditional security tools often fall short in providing comprehensive protection. Extended Detection and Response (XDR) has emerged as a next-generation cybersecurity solution designed to unify and enhance threat detection, investigation, and response across an…
NICE Workforce Framework 2.0.0 Released: Everything New and Improved
The National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity has undergone a significant update, with the release of its version 2.0.0 introducing numerous enhancements aimed at standardizing how cybersecurity work and competencies are understood and managed. This major…
Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit
Cybersecurity researcher “0xdf” has cracked the “Ghost” challenge on Hack The Box (HTB), a premier platform for honing penetration testing skills, and shared an exhaustive technical breakdown on their GitLab blog. The write-up chronicles a sophisticated attack that navigates through…
Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering defenders with advanced threat analysis, vulnerability assessment, and incident response capabilities. The experimental system, developed by a team led by Elie Burzstein and Marianna Tishchenko,…
U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, from Kosovo to face charges in the Western District of Pennsylvania for their alleged roles as administrators of the Rydox cybercrime marketplace. The Rydox…
Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild
April 5, 2025 – Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. Rated at a CVSS score of 9.0, this stack-based buffer overflow…
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part of a sophisticated campaign leveraging a platform called Lucid. Cybercriminals…
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams. The threat actors behind this campaign are leveraging compromised credentials to export email lists and send bulk phishing…
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the…
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to, a prominent developer community, and lured victims with promises of…
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging…
DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites
The release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due to its innovative use of Chain-of-Thought (CoT) reasoning. CoT reasoning enables the model to break down complex problems into intermediate steps, enhancing performance on tasks…
Beware of Clickfix: ‘Fix Now’ and ‘Bot Verification’ Lures Deliver and Execute Malware
A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like “Fix Now” and “Bot Verification,” ClickFix tricks users into executing malicious commands by exploiting familiar system actions. This technique bypasses…
Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft has identified these campaigns as employing advanced redirection techniques such as URL…
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers
The State Bar of Texas has confirmed a data breach following the detection of unauthorized activity on its network earlier this year. According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which…
Chinese Hackers Exploit Ivanti VPN Vulnerability to Deliver Malware Payloads
Ivanti disclosed a critical security vulnerability, CVE-2025-22457, affecting its Connect Secure (ICS) VPN appliances, particularly versions 22.7R2.5 and earlier. This buffer overflow vulnerability enables attackers to achieve remote code execution when exploited successfully. Security researchers from Mandiant and Ivanti have…
Top 20 Best Open-Source SOC Tools in 2025
As cyber threats continue to evolve, Security Operations Centers (SOCs) require robust tools to detect, analyze, and respond to incidents effectively. Open-source SOC tools provide cost-effective, customizable, and community-supported solutions for organizations of all sizes. In this article, we’ll explore…
Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers
Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by “fast flux,” a sophisticated technique used by malicious actors to evade detection and obscure the locations of their command-and-control (C2) servers. The advisory, released by…
Oracle Reports Data Breach, Initiates Client Notifications
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its second cybersecurity incident disclosed in recent weeks. This breach underscores vulnerabilities in legacy systems and raises concerns about the company’s ability to safeguard sensitive client…
Vite Development Server Flaw Allows Attackers Bypass Path Restrictions
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper path verification during URL request processing, attackers can bypass path restrictions and gain unauthorized access to arbitrary files on affected servers. This flaw is particularly…
Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats
Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for 22% of all malicious email attachments, according to a recent report by Check Point Research. With over 87% of organizations relying on PDFs for business…
New Android Spyware Tricks Users by Demanding Passwords for Uninstallation
A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable by leveraging a password prompt for uninstallation. This unsettling feature effectively blocks users from removing the app unless the correct password—set by the person who…
Critical Apache Parquet Vulnerability Allows Remote Code Execution
A severe vulnerability has been identified in the Apache Parquet Java library, specifically within its parquet-avro module. This flaw, tracked as CVE-2025-30065, exposes systems to potential Remote Code Execution (RCE) attacks. It has been rated Critical with a CVSS score of 10.0, indicating the highest level of…
Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB
A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused of smuggling sensitive trade secrets to Russia over a span of nearly nine years. The engineer, originally from Russia, reportedly transferred confidential information using USB…
Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code
A critical security flaw has been discovered in Halo ITSM, an IT support management software widely deployed across cloud and on-premise environments. The vulnerability, which allows attackers to inject malicious SQL code, poses a significant threat to organizations relying on the…
Australian Pension Funds Hacked: Members Face Financial Losses
Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading to unauthorized access to customer accounts and financial losses for some members. Among those affected are major funds such as REST, Hostplus, AustralianSuper, Australian Retirement Trust,…
Frida Penetration Testing Toolkit Updated with Advanced Threat Monitoring APIs
In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced powerful new APIs for advanced threat monitoring and software analysis. These enhancements, released on April 4, 2025, offer security researchers and penetration testers unprecedented capabilities in…
Apache Traffic Server Flaw Allows Request Smuggling Attacks
A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw enables attackers to exploit request smuggling via malformed chunked messages. Users of Apache Traffic Server are urged to upgrade to…
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code
OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions. The flaw, identified as CVE-2025-2704, affects OpenVPN servers using specific configurations…
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with…
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
In a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January…
Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware, has been linked to widespread attacks targeting Windows, Linux, FreeBSD, SunOS, and ESXi systems. Emerging in October 2023, the group has gained notoriety for its…
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
In a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware…
New Phishing Campaign Targets Investors to Steal Login Credentials
Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券), a prominent online securities company in Japan formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company provides individual investors with a range…
SonicWall Firewall Vulnerability Enables Unauthorized Access
Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall firewalls. This critical flaw allows remote attackers to hijack active SSL VPN sessions, enabling unauthorized network access without requiring user credentials. If left unpatched, the vulnerability…
DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords
A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies and local offices of international organizations across various industries. The attackers are spoofing a legitimate Spanish company specializing in mountain and skiing equipment to deliver malicious…
New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls
Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting Android devices. This variant has been found pre-installed in the firmware of counterfeit smartphones mimicking popular models, often sold at discounted prices through unauthorized online…
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS
Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware…
Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials
A newly discovered attack campaign has exposed vulnerabilities in Apache Tomcat servers, allowing hackers to hijack resources and steal SSH credentials. Researchers from Aqua Nautilus revealed that these attacks, which weaponized botnets within 30 hours of discovery, employ encrypted payloads…
New Web Skimming Attack Exploits Legacy Stripe API to Validate Stolen Card Data
A sophisticated web-skimming campaign has been discovered, leveraging a deprecated Stripe API to validate stolen credit card data before exfiltration. This novel strategy ensures that only valid and usable card details are exfiltrated, making the operation highly efficient and harder…
AI-Powered Gray Bots Target Web Applications with Over 17,000 Requests Per Hours
Web applications are facing a growing challenge from “gray bots,” a category of automated programs that exploit generative AI to scrape vast amounts of data. Unlike traditional malicious bots, gray bots occupy a middle ground, engaging in activities that, while…
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the…
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors…
Multiple Jenkins Plugin Vulnerabilities Expose Sensitive Information to Attackers
Jenkins, the widely used open-source automation server, faces heightened security risks after researchers disclosed 11 critical vulnerabilities across its core software and eight plugins. These flaws expose sensitive data, enable code execution, and allow unauthorized configuration changes. Key Vulnerabilities and Risks Affected…
Google’s Quick Share for Windows Vulnerability Allows Remote Code Execution
Cybersecurity researchers from SafeBreach Labs have revealed new vulnerabilities in Google’s Quick Share file-transfer utility for Windows, including a critical flaw that allows attackers to execute code on targeted devices. The findings, disclosed this week, highlight risks in the widely…
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
A sophisticated remote access trojan (RAT) dubbed SnowDog has surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of…
Authorities Shut Down Kidflix Child Abuse Platform in Major Takedown
In one of the most significant operations against child sexual exploitation in recent history, authorities have announced the shutdown of “Kidflix,” one of the world’s largest platforms for the distribution of child sexual abuse material (CSAM). The meticulously planned international…
Massive GitHub Leak: 39M API Keys & Credentials Exposed – How to Strengthen Security
Over 39 million API keys, credentials, and other sensitive secrets were exposed on GitHub in 2024, raising considerable alarm within the developer community and enterprises globally. The scale and impact of this leak have underscored the growing risks tied to…
GoResolver: A Powerful New Tool for Analyzing Golang Malware
Analyzing malware has become increasingly challenging, especially with the growing popularity of programming languages like Golang. Golang, or Go, has captivated developers for its extensive features but has also proven to be an attractive choice for malware authors, thanks to…
Verizon Call Filter App Vulnerability Exposed Call Log Data of Customers
A vulnerability in Verizon’s Call Filter app for iOS has been discovered, allowing unauthorized access to customer call logs. This flaw allowed any individual with the requisite technical knowledge to retrieve incoming call data—complete with timestamps—for any Verizon phone number,…
Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access
Cisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439 and CVE-2024-20440, which could allow unauthenticated, remote attackers to gain administrative access or collect sensitive information from compromised systems. These flaws, rated with a severity score…
Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack
A sophisticated malware campaign has compromised over 1,500 PostgreSQL servers, leveraging fileless techniques to deploy cryptomining payloads. The attack, identified by Wiz Threat Research and attributed to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances configured with weak…
Hackers Exploit Cloudflare for Advanced Phishing Attacks
A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes. Researchers at Hunt.io have identified this new wave of attacks, which employs Cloudflare-branded phishing pages and…
New Malware Targets Magic Enthusiasts to Steal Logins
A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other esoteric practices. Disguised as a legitimate fortune-telling application, this Trojan infiltrates devices to steal sensitive data, manipulate users through social engineering, and even deploy cryptocurrency mining…
SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers
A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing a stealthy malware loader, Emmenhtal, in conjunction with the SmokeLoader malware. This campaign demonstrates advanced tactics by financially motivated threat actors to distribute infostealers like…
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate…
Firefox 137 Launches with Patches for High-Severity Security Flaws
Mozilla has officially launched Firefox 137 with crucial security fixes aimed at addressing several high-severity vulnerabilities reported by security researchers. As part of its April 1, 2025, Mozilla Foundation Security Advisory (MFSA 2025-20), the foundation detailed three significant Common Vulnerabilities…
Google Cloud Platform Vulnerability Exposes Sensitive Data to Attackers
A privilege escalation vulnerability in Google Cloud Platform (GCP), dubbed “ImageRunner,” was recently discovered and fixed. The flaw, which Tenable Research brought to light, potentially allowed attackers to exploit Google Cloud Run permissions and access sensitive data stored in private…
20,000 WordPress Sites at Risk of File Upload & Deletion Exploits
A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the “WP Ultimate CSV Importer” plugin. With over 20,000 active installations, the plugin’s flaws pose a significant risk to affected websites,…
Apple Fined $162 Million by France Authorities for Mobile Ad Market Domination
French antitrust regulators have imposed a hefty fine of €150 million ($162.4 million) on tech giant Apple for abusing its dominant position in mobile app advertising through its App Tracking Transparency (ATT) tool. The ruling marks the first fine by…
QR Code Phishing (Quishing) Attack Your Smartphones To Steal Microsoft Accounts Credentials
Cybersecurity researchers have identified a growing trend in phishing attacks leveraging QR codes, a tactic known as “quishing.” These attacks exploit the widespread use of smartphones to deceive users into exposing sensitive credentials, particularly targeting Microsoft accounts. According to recent…
Prince Ransomware – An Automated Open-Source Ransomware Builder Freely Available on GitHub
The cybersecurity landscape has witnessed a concerning development with the emergence of “Prince Ransomware,” an open-source ransomware builder that was freely accessible on GitHub until recently. This tool, written in the Go programming language, has been exploited by cybercriminals to…
Gootloader Malware Spreads via Google Ads with Weaponized Documents
The notorious Gootloader malware has resurfaced with a new campaign that combines old tactics with modern delivery methods. This latest iteration leverages Google Ads to target users searching for legal document templates, such as non-disclosure agreements (NDAs) or lease agreements.…
Hackers Hijack Telegram Accounts via Default Voicemail Passwords
The Israeli Internet Association has issued a public warning about a surge in cyberattacks targeting Telegram accounts in Israel. The campaign, traced to hackers in Bangladesh and Indonesia, exploits vulnerabilities in voicemail systems to hijack accounts and, in some cases,…
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
North Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as…
Google Introduces End-to-End Encryption for Gmail Business Users
Google has unveiled end-to-end encryption (E2EE) capabilities for Gmail enterprise users, simplifying encrypted email communication for businesses of all sizes. This feature, launched in beta today to coincide with Gmail’s birthday, aims to bridge the gap between robust security and…
New Outlaw Linux Malware Using SSH brute-forcing To Maintain Botnet Activities for long Time
A persistent Linux malware known as “Outlaw” has been identified leveraging unsophisticated yet effective techniques to maintain a long-running botnet. Despite its lack of advanced evasion mechanisms, Outlaw continues to propagate and monetize its activities by employing SSH brute-forcing, cron-based…
Hackers Exploit JavaScript & CSS Tricks to Steal Browsing History
The web browsing history feature, designed to enhance user convenience by styling visited links differently, has inadvertently created a privacy vulnerability. Hackers have exploited this feature, using JavaScript and CSS techniques to deduce users’ online habits, revealing a concerning loophole…
Hackers Exploiting Vulnerabilities in SonicWall, Zoho, F5 & Ivanti Systems
A surge in cyber activity targeting critical edge technologies and management tools, including SonicWall, Zoho, F5, Ivanti, and other systems, has been flagged by cybersecurity intelligence firm GreyNoise. The sudden spike in probing and exploitation attempts highlights an alarming trend:…