Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Buffalo, N.Y. — U.S. Attorney Trini E. Ross announced today that Wul Isaac Chol, 27, of Buffalo, NY, pleaded guilty before the U.S. District Judge John L. Sinatra, Jr. to possessing 15 or more unauthorized access devices intending to defraud.…

Read more →

The Kali Linux team has announced the release of Kali Linux 2024.2, the latest version of their popular penetration testing and security auditing Linux distribution. Kali Linux is one of the most powerful Debian-based Linux distributions, developed and maintained by…

Read more →

Sophos Managed Detection and Response (MDR) has uncovered a sophisticated, long-running cyberespionage campaign dubbed “Crimson Palace,” attributed to Chinese state-sponsored actors. The operation targeted a high-profile government organization in Southeast Asia, with activities spanning from early 2022 to April 2024.…

Read more →

Phishing attackers are distributing malicious HTML files as email attachments, containing code designed to exploit users by prompting them to directly paste and execute the code, which leverages social engineering, as users are tricked into running the malicious code themselves…

Read more →

Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses, of which 151M had never been seen in Have I Been…

Read more →

Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software.  The attacks appear to target Ukrainian…

Read more →

Generative AI systems comprise several components and models geared to enhancing human interactions with the system.  However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…

Read more →

Hackers use packers maliciously to make their code difficult to recognize, as most antivirus programs are coded to be able to recognize these packers.  The packers initialize and encrypt the original malware payload into a new form, which is hard…

Read more →

Cybersecurity experts have discovered that the widely used messaging application Signal is being exploited to deliver DarkCrystal RAT malware to high-profile targets, including government officials, military personnel, and representatives of defense enterprises in Ukraine. The Infection Process According to a…

Read more →

 The former command senior chief of the littoral combat ship Manchester’s gold crew, Senior Chief Grisel Marrero, has been convicted at a court-martial for installing an unauthorized Wi-Fi system aboard the ship and subsequently lying about it to her superiors.…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

The ransomware landscape is rapidly diversifying in 2024, with a surge in new extortion groups as established attackers continue to target large companies. A record number of smaller groups are emerging—22 in just five months compared to 22 in a…

Read more →

Russia is intensifying disinformation campaigns against France, President Macron, the IOC, and the 2024 Paris Olympics, blending decades-old tactics with AI, as the Microsoft Threat Analysis Center (MTAC) identifies two primary goals: tarnishing the IOC’s reputation and fostering expectations of…

Read more →

Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS542, which have reached end-of-vulnerability support. Users are strongly advised to install these patches to ensure optimal protection. What…

Read more →

Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape. Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial…

Read more →

Hackers take advantage of Word documents as weapons due to their widespread use and trust. This is facilitated by the ease with which users can be deceived into opening them.  These documents may have macros or exploits that are dangerous…

Read more →

The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications.  This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The end result…

Read more →

Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Access…

Read more →

A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts. The vulnerability, CVE-2024-3820, allows attackers to perform…

Read more →