The Datadog Security Research team has uncovered the Mimo threat actor also known as Mimo’lette or Hezb expanding its operations from Craft CMS to Magento CMS. Previously documented for deploying cryptominers via public-facing vulnerabilities, Mimo now exploits undetermined PHP-FPM flaws…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Cyberattack on Germany’s AMEOS Hospital Network Exposes Patient Data
Germany’s AMEOS Hospital Network has confirmed a sophisticated cyberattack that compromised its IT infrastructure, leading to unauthorized access and potential exposure of sensitive data. Despite robust defenses including multi-factor authentication, intrusion detection systems, and regular vulnerability assessments, attackers managed to…
Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case
A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about…
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Threat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named “card_detail_20250610.html.lnk,” cleverly disguises itself as a legitimate HTML document from a financial institution, exploiting…
US Nuclear Weapons Data Compromised via SharePoint Zero-Day Attack
A significant cybersecurity breach has exposed vulnerabilities in critical US government infrastructure, as the National Nuclear Security Administration (NNSA) was reportedly compromised through a Microsoft SharePoint zero-day exploit linked to Chinese government-affiliated hacking groups. Chinese Hackers Target Critical Infrastructure The…
Lumma Stealer Masquerades as Pirated Apps to Steal Logins and Data
Lumma Stealer, a notorious information-stealing malware-as-a-service (MaaS) platform, has swiftly reemerged after a coordinated global law enforcement operation in May 2025. The U.S. Department of Justice, alongside international partners, seized approximately 2,300 malicious domains integral to Lumma’s command-and-control (C&C) infrastructure,…
Windows 11 Introduces Powerful New AI Features – What’s New!
Microsoft today unveiled a sweeping set of artificial intelligence enhancements for Windows 11, marking the most ambitious infusion of AI tools into its flagship operating system to date. Building on recent findings that nearly 60 percent of PC users have…
New ZuRu Malware Variant Targets macOS via Termius SSH Exploit
A sophisticated new variant of the macOS.ZuRu malware, originally identified in 2021, has resurfaced, employing a trojanized version of the Termius SSH client to deploy a modified Khepri command-and-control (C2) beacon. This iteration, detected in late May 2025, demonstrates advanced…
Synology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious Code
Synology has issued an urgent security advisory addressing critical vulnerabilities in its BeeDrive desktop application for Windows that could allow attackers to execute malicious code and delete arbitrary files. The company disclosed three separate Common Vulnerabilities and Exposures (CVE) identifiers…
Critical JavaScript Library Vulnerability Exposes Apps to Remote Attacks
A critical security vulnerability has been discovered in the widely-used form-data JavaScript package, potentially exposing thousands of applications to remote attacks through predictable boundary value generation. The vulnerability, designated as CVE-2025-7783, was published five days ago by Jordan Harband (ljharb), a prominent…
Brave Browser Block Microsoft Recall Over Privacy Issues
Brave Software today announced that, beginning with version 1.81 for Windows 11 and newer, the Brave browser will automatically disable Microsoft’s Recall feature by default. Recall, introduced by Microsoft in May 2024 as a Copilot PC utility that periodically captures full-screen snapshots of user activity, faced immediate criticism for its potential to expose sensitive browsing habits through an unencrypted,…
Coyote Malware Targets WILS, Abusing Microsoft UI Automation to Exfiltrate Logins
Akamai security researchers have uncovered a novel variant of the Coyote banking trojan that marks the inaugural documented instance of malicious actors exploiting Microsoft’s UI Automation (UIA) framework in real-world attacks. Initially detailed in a December 2024 Akamai blog post…
CISA Alerts on Chinese Hackers Actively Exploiting SharePoint 0-Day
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of critical SharePoint vulnerabilities by threat actors, with security researchers attributing the attacks to Chinese hackers. The agency warns that malicious actors are leveraging a…
Ransomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate Data
Ransomware gangs have increasingly co-opted Remote Monitoring and Management (RMM) tools originally designed for IT operations to orchestrate sophisticated network intrusions, persistence, lateral movement, and data exfiltration. Investigations conducted in the second half of 2024 and the first quarter of…
Researchers Expose Russia’s Most Secretive FSB Spy Network
Researchers have pierced the veil of secrecy surrounding the Federal Security Service’s (FSB) 16th Center, a unit inheriting the Soviet KGB’s primary signals intelligence (SIGINT) capabilities. By leveraging open-source intelligence (OSINT) techniques combined with phaleristics the study of military medals…
Windows 11 Introduces Black Screen of Death and Auto Recovery
Microsoft has unveiled significant updates to Windows 11’s system recovery capabilities, introducing a redesigned “Black Screen of Death” interface alongside new automated recovery features designed to minimize downtime and improve user experience during system failures. These enhancements represent a major…
Chrome High-Severity Vulnerabilities Allow Hackers to Gain Full Control
Google has released an urgent security update for Chrome, addressing critical vulnerabilities that could potentially allow attackers to gain complete control over users’ systems. The stable channel has been updated to version 138.0.7204.168 for Windows and Mac, and 138.0.7204.168 for…
Kali Linux Introduces Two New Tools for Raspberry Pi to Boost Wi-Fi Performance
Kali Linux maintainers have unveiled two new packages designed to unleash the full potential of the Raspberry Pi’s onboard wireless chipset, enabling native monitor-mode and packet-injection capabilities without the need for external adapters. Arriving as part of the recent Kali…
Mozilla Launches Firefox 141 With Critical Security Fixes – Update Immediately
Mozilla has today released Firefox 141, addressing a broad spectrum of security vulnerabilities that range from high-impact memory safety bugs to moderate issues in URL handling and sandboxing. The new release, announced on July 22, 2025, under Mozilla Foundation Security…
CISA Alerts on Active Exploitation of Microsoft SharePoint Code Injection and Authentication Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding the active exploitation of two critical Microsoft SharePoint vulnerabilities, with organizations facing a same-day deadline to implement protective measures. The alert, released yesterday, July 22, 2025, targets vulnerabilities…