In today’s digital era, businesses are increasingly adopting cloud computing to store data, run applications, and manage infrastructure. However, as organizations shift to the cloud, they face new security challenges such as cyber threats, data breaches, and compliance risks. This…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chinese Hackers Exploit Ivanti Connect Secure Flaw to Gain Unauthorized Access
In a sophisticated cyber-espionage operation, a group known as UNC5221, suspected of having a China nexus, has exploited a critical vulnerability in Ivanti Connect Secure VPN appliances. The vulnerability, identified as CVE-2025-22457, is a stack-based buffer overflow affecting multiple Ivanti products, including…
Microsoft Warns of Ransomware Gangs Exploit Cloud Environments with New Techniques
In a comprehensive analysis of the ransomware landscape in the first quarter of 2025, Microsoft Threat Intelligence has highlighted significant shifts in tactics by threat actors, marking a strategic evolution in their operations. The analysis reveals a growing trend where…
Gorilla Android Malware Intercepts SMS to Steal One-Time Passwords
In a concerning development within the Android ecosystem, a new malware variant known as “Gorilla” has been identified, primarily targeting financial and personal information through SMS interception. Written in Kotlin, Gorilla appears to be in its developmental infancy, yet it…
SheByte PaaS Launches $199 Subscription Service for Cybercriminals
The landscape of cyber threats targeting Canadian financial institutions saw significant shifts after LabHost, a prominent phishing-as-a-service (PhaaS) platform, was shut down. LabHost, known for its extensive Interac-branded phishing kits, was responsible for around three-fourths of such phishing attempts. Its…
New Android SuperCard X Malware Uses NFC-Relay Technique for POS & ATM Transactions
A new malware strain known as SuperCard X has emerged, utilizing an innovative Near-Field Communication (NFC)-relay attack to execute unauthorized transactions at Point-of-Sale (POS) systems and Automated Teller Machines (ATMs). Detailed in a recent report by the Cleafy Threat Intelligence…
How To Hunt Web And Network-Based Threats From Packet Capture To Payload
Modern cyberattacks increasingly exploit network protocols and web applications to bypass traditional security controls. To counter these threats, security teams must adopt advanced techniques for analyzing raw network traffic, from packet-level metadata to payload content. This article provides a technical…
How SMBs Can Improve SOC Maturity With Limited Resources
Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times more likely to be targeted by phishing attacks than larger organizations. These attacks often serve as entry points for ransomware infections that can devastate operations. As…
How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks
DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today, leveraging the trusted Domain Name System protocol to exfiltrate data and establish covert command and control channels. This technique exploits the fact that DNS traffic typically…
How To Detect Obfuscated Malware That Evades Static Analysis Tools
Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static analysis tools have become standard components of security defenses, malware authors have responded by developing increasingly sophisticated obfuscation techniques that can bypass these conventional detection methods.…
U.S DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents
A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address. The…
How to Conduct a Cloud Security Assessment
Cloud adoption has transformed organizations’ operations but introduces complex security challenges that demand proactive leadership and a thorough Cloud Security Assessment. A cloud security assessment systematically evaluates your cloud infrastructure to identify vulnerabilities, enforce compliance, and safeguard critical assets. For…
Building a Security First Culture – Advice from Industry CISOs
In today’s threat landscape, cybersecurity is no longer confined to firewalls and encryption; it’s a cultural imperative. Chief Information Security Officers (CISOs) play a pivotal role in transforming organizations into security-first environments where every employee, from interns to executives, actively…
Critical AnythingLLM Vulnerability Exposes Systems to Remote Code Execution
A critical security flaw (CVE-2024-13059) in the open-source AI framework AnythingLLM has raised alarms across cybersecurity communities. The vulnerability, discovered in February 2025, allows attackers with administrative privileges to execute malicious code remotely, potentially compromising entire systems. Detail Description CVE ID CVE-2024-13059…
State Sponsored Hackers now Widely Using ClickFix Attack Technique in Espionage Campaigns
State-sponsored hackers from North Korea, Iran, and Russia have begun deploying the ClickFix social engineering technique, traditionally associated with cybercriminal activities, in their espionage operations. This shift was first documented by Proofpoint researchers over a three-month period from late…
Microsoft Prevents Billions of Dollars in Fraud and Scams
Microsoft has reported significant strides in thwarting financial fraud across its ecosystem. From April 2024 to April 2025, the tech giant managed to prevent approximately $4 billion in fraudulent transactions, a testament to its robust anti-fraud measures and AI-driven defenses.…
Gain Legends International Suffers Security Breach – Customers Data Stolen
Gain Legends International, a prominent name in sports, entertainment, and venue management, has confirmed a significant cybersecurity breach that has compromised the personal information of an undisclosed number of customers and associates. The incident was first identified on November 9,…
XorDDoS Malware Upgrade Enables Creation of Advanced DDoS Botnets
Cisco Talos has uncovered significant advancements in the XorDDoS malware ecosystem, revealing a multi-layered infrastructure enabling sophisticated distributed denial-of-service (DDoS) attacks through a new “VIP version” of its controller and a centralized command system. Between November 2023 and February 2025,…
Researchers Uncover Stealthy Tactics and Techniques of StrelaStealer Malware
Cybersecurity experts have recently shed light on the sophisticated operations of StrelaStealer, also known by its alias Strela, revealing a suite of stealthy tactics employed in its information theft campaigns. This malware, spotlighted by IBM Security X-Force for its association…
PoC Released for Linux Kernel Vulnerability Allowing Privilege Escalation
A security vulnerability, tracked as CVE-2024-53141, has recently come to light in the Linux kernel’s ipset component. This flaw enables an out-of-bounds (OOB) write on the kernel heap, which threat actors can exploit to execute arbitrary code with elevated privileges. Security researchers…