Microsoft has fortified its Exchange Server and SharePoint Server security by integrating advanced Antimalware Scan Interface (AMSI) capabilities. This measure, aimed at countering sophisticated attack vectors, represents a crucial step to safeguard on-premises infrastructure that serves as the backbone of…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Calix Devices Vulnerable to Pre-Auth RCE on Port 6998, Root Access Possible
A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware. The vulnerability resides in TCP port 6998 and impacts end-of-life (EOL) devices…
Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials
Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries. This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail…
AMD CPU Signature Verification Vulnerability Enables Unauthorized Microcode Execution
A vulnerability in AMD CPUs has been uncovered, enabling attackers with administrative privileges to bypass microcode signature verification and execute malicious code. Designated as CVE-2024-36347 (CVSS score: 6.4, Medium), the flaw impacts multiple generations of AMD EPYC™ server processors and select consumer…
Ivanti 0-Day RCE Flaw Exploitation Details Revealed
A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7…
Researchers Exploit Windows Defender with XOR and System Calls
A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack…
Jenkins Docker Vulnerability Allows Hackers to Hijack Network Traffic
A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security. The vulnerability, stemming from the reuse of SSH host keys, could allow attackers to impersonate Jenkins build agents and hijack sensitive network traffic. Vulnerability Details…
Microsoft Issues Urgent Patch to Fix Office Update Crash
Microsoft has released an urgent patch for Office 2016 to address a critical issue causing key applications like Word, Excel, and Outlook to crash unexpectedly. The new update, KB5002623, was issued on April 10, 2025, following widespread reports of performance…
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in…
ViperSoftX Malware Spreads Through Cracked Software, Targeting Unsuspecting Users
AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware to unsuspecting Korean users. This operation has employed cracked software and torrents as vectors for spreading…
RansomHub RaaS in Disarray After Affiliate Chat Access Suddenly Revoked
RansomHub, a leading Ransomware-as-a-Service (RaaS) group that emerged in early 2024, has found itself grappling with internal turmoil. The instability came to light on April 1st, 2025, when several of its client chat portals, critical for ransomware negotiations, went offline,…
A Seven‑Year‑Old Cisco Flaw Now Lets Hackers Execute Code Remotely on Network Gear
A Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches…
GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks
The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate…
Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not…
The State of AI Malware and Defenses Against It
AI has recently been added to the list of things that keep cybersecurity leaders awake. The increasing popularity of and easy access to large language models (LLMs), such as ChatGPT, DeepSeek, and Gemini, have enabled threat actors to scale and…
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing…
SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client
SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate…
Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover
Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt…
Langflow AI Builder Vulnerability Allows Remote Server Takeover by Attackers
A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control. Security…
Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks
Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…