Researchers at HiddenLayer have unveiled a series of vulnerabilities within Google’s Gemini AI that could allow attackers to manipulate user queries and control the output of the Large Language Models (LLMs). This revelation has raised concerns over the security and…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Beware! Disguised Adobe Reader Installer That Installs Infostealer Malware
An infostealer disguised as the Adobe Reader installation has been observed. The file is disseminated in PDF format and prompts users to download and run it. The fake PDF file, according to AhnLab Security Intelligence Center (ASEC), is written in Portuguese…
Magnet-Goblin Hackers Attack Public Services Using 1-Day Exploits
A new threat actor, Magnet Goblin, emerged by rapidly exploiting recently disclosed vulnerabilities (CVE-2023-46805 & CVE-2023-21887) in Ivanti Connect Secure VPN, which allowed them to deploy custom Linux backdoors on vulnerable systems. Magnet Goblin has a history of targeting platforms…
ChatGPT-Next-Web SSRF Bug Let Hackers Gain Full Access to HTTP Endpoints
There are advantages to using standalone AI chatbots over cloud-based alternatives such as OpenAI; however, there are also some security risks. Research shows NextChat, a popular standalone chatbot with over 7500 exposed instances, is vulnerable to a critical SSRF vulnerability…
CloudGrappler: Open Source Tool that Detects Hacking Activity
CloudGrappler is an innovative open-source tool designed to detect the presence of notorious threat actors in cloud environments. This tool is a beacon of hope for security teams struggling to keep pace with the sophisticated tactics of groups like LUCR-3,…
Hackers Advertising FUD APK Crypter that Runs on all Android Devices
Cybersecurity experts have identified a new tool being promoted in the internet’s darker corners. Dubbed the “FUD APK Crypter,” this software claims to offer the ability to encrypt and obfuscate payloads created by Android Remote Administration Tools (RATs), making them…
Muddled Libra Hackers Using Pentesting Tools To Gain Admin Access
Threat actors use pentesting tools to identify vulnerabilities and weaknesses in target systems or networks. These tools provide a simulated environment for testing potential attack vectors that allow threat actors to exploit security gaps and gain unauthorized access. By using…
French Government Hit with Severe DDoS Attack
Several French government websites faced disruptions due to a severe Distributed Denial of Service (DDoS) attack, marking a concerning escalation in cyber threats against state infrastructure. The attack commenced in the early hours of Sunday, rapidly escalating in intensity. Cloudflare’s…
Italian DPA Asks OpenAI’s ‘Sora’ to Reveal Algorithm Information
The Italian Data Protection Authority (DPA) has initiated a thorough investigation into OpenAI, the American tech giant, following its recent announcement of a cutting-edge AI model named ‘Sora.’ This new model can generate dynamic, realistic, and imaginative scenes from simple…
WordPress Plugin Flaw Exposes 200,000+ Websites to XSS Attacks
Over 200,000 websites have been left vulnerable to Cross-Site Scripting (XSS) attacks due to a flaw in the Ultimate Member plugin for WordPress. This vulnerability, discovered by a researcher known as stealthcopter, underscores the ongoing risks in the digital ecosystem…
Hackers Deliver MSIX Malware in The Lure of Freemium Productivity App
Cybercriminals usually use free apps to take advantage of the large number of people who use them freely. The broader user base serves as a larger attack surface that ensures the effective distribution of malware. In addition, this could happen…
KrustyLoader Backdoor Attack Both Windows & Linux Systems
Recent developments within the cybersecurity landscape have included the emergence of KrustyLoader, a sophisticated Rust-based backdoor that has caught the attention of multiple industry experts. This malware, which boasts Windows and Linux variants, has been implicated in a series of…
BianLian Hackers Hijacked TeamCity Servers To Install GO Backdoor
BianLian attackers exploited a TeamCity vulnerability (CVE-2024-27198 or CVE-2023-42793) to gain initial access and move laterally within the network. They deployed a PowerShell backdoor disguised as legitimate tools that use two-layer obfuscation with encryption and string substitution to communicate with…
WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack
A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS attacks. A recent Balada Injector campaign discovered in January exploited a cross-site scripting (XSS) vulnerability tracked…
CyberGate RAT Mimic as Dorks Tool to Attack Cybersecurity Professionals
Threat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals. The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several…
Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes
QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands. These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of…
PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability
A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer. This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems. Understanding the…