Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems
Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for its deep integration with Windows operating systems. Often compared to .NET for its persistence in malicious campaigns, AutoIT’s simplicity and ability to interact with Windows…
New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year
A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany, France, Belgium, and Ireland—reported having experienced cyberattacks in the previous 12 months, according to the 2024 Hiscox Cyber Readiness Report. This marks the fourth consecutive…
Volkswagen Car Hack Exposes Owner’s Personal Data and Service Records
Tech-savvy Volkswagen owner has uncovered critical security flaws in the My Volkswagen app that potentially exposed sensitive personal data and vehicle information of thousands of customers. The vulnerabilities, which have since been patched, allowed anyone with access to a vehicle’s…
Investigating Cobalt Strike Beacons Using Shodan: A Researcher’s Guide
Security researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by the popular @cobaltstrikebot Twitter account that went offline in June 2023. The technique allows security professionals…
Hacker Arrested for Taking Over SEC Social Media to Spread False Bitcoin News
Alabama man has been sentenced to 14 months in prison for orchestrating a sophisticated SIM swap attack that allowed him to hijack the U.S. Securities and Exchange Commission’s (SEC) social media account on X, formerly known as Twitter. The unauthorized…
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
Security researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform. The vulnerability, tracked as CVE-2025-4427, can be chained with CVE-2025-4428 to achieve remote code execution (RCE), posing…
Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers
Critical security vulnerability has been discovered in the Auth0-PHP SDK that could potentially allow unauthorized access to applications through brute force attacks on session cookie authentication tags. The vulnerability specifically affects versions 8.0.0-BETA1 and newer of the SDK when configured…
Skitnet Malware Employs Stealth Techniques to Execute Payload and Maintain Persistence Techniques
A new and highly sophisticated multi-stage malware, known as Skitnet (or Bossnet), has been uncovered, showcasing advanced stealth techniques to execute its malicious payload and maintain persistent access on infected systems. Developed by the threat group LARVA-306, Skitnet has been…
Google Reveals Hackers Targeting US Following UK Retailer Attacks
The Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic cyberthreat. Initially focused on telecommunications for SIM swap operations, UNC3944 has since…
New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials
AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also known as DBatLoader) malware through phishing emails. These emails, crafted in Turkish and impersonating a Turkish bank, urge recipients to open a malicious attachment under the…
Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution
Threat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE), enabling attackers to gain initial access and establish a foothold within targeted networks. The…
Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems
A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the sneaky Bumblebee loader virus, serving as a sobering reminder of the vulnerabilities present in software supply chains. This incident, detected…
CISA to Stop Publishing Cybersecurity Alerts and Advisories on Webpages
Cybersecurity and Infrastructure Security Agency (CISA) has announced significant changes to how it communicates cybersecurity updates and guidance to stakeholders. In a recent announcement, CISA revealed plans to shift away from listing advisories on its webpage to focus on more…
Critical Firefox 0-Day Flaws Allow Remote Code Execution
Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17,…
Health Care Data Breach Costs BreachForums Admin $700,000 Fine
Conor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime forum Breachforums, will forfeit approximately $700,000 to settle a civil lawsuit stemming from a healthcare data breach. The settlement marks a rare instance where a cybercriminal’s assets will directly compensate victims…
Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox
The Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, and Mozilla Firefox, revealing critical zero-day…
Exploiting dMSA for Advanced Active Directory Persistence
Security researchers have identified new methods for achieving persistence in Active Directory environments by exploiting Delegated Managed Service Accounts (dMSAs), a new security feature introduced in Windows Server 2025. Despite being designed to enhance security through automated credential management, dMSAs…
GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems
Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that incorrectly search library paths, potentially allowing attackers to execute…
VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded…