Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys. The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Everest Ransomware Gang’s Leak Site Hacked and Defaced
TechCrunch has uncovered a concerning development in consumer-grade spyware: a stealthy Android monitoring app that employs password-protected uninstallation to prevent removal. This app, which abuses built-in Android features like overlay permissions and device admin access, exemplifies the escalating technical sophistication…
Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK. These campaigns exploit toll payment services like FasTrak, E-ZPass, and…
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
A newly identified Linux backdoor named “Auto-Color,” first observed between November and December 2024, has been targeting government organizations and universities across North America and Asia. This malware, initially disguised as a benign color-enhancement tool, employs sophisticated tactics, techniques, and…
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing…
ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the…
Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader
In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive CAPTCHA mechanisms combined with Cloudflare’s Turnstile to distribute the LegionLoader malware. According to Netskope Threat Labs, this campaign, which started in February 2025, has affected…
Threat Actors Use Windows Screensaver Files as Malware Delivery Method
Cybersecurity experts at Symantec have uncovered a sophisticated phishing campaign targeting various sectors across multiple countries, leveraging the Windows screensaver file format (.scr) as a vector for malware distribution. This method, while seemingly innocuous, allows attackers to execute malicious code…
AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks
In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal moment, surpassing elite human red teams in the creation of effective spear phishing attacks. According to research conducted by Hoxhunt, AI agents have demonstrated a 24%…
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one…
EDR & Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections – SpyCloud Research
Deep visibility into malware-siphoned data can help close gaps in traditional defenses before they evolve into major cyber threats like ransomware and account takeover SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data…
20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom. Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated…
NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA researchers have identified the latest version of this Remote Access Trojan (RAT), revealing alarming details…
MediaTek Releases Security Patch to Fix Vulnerabilities in Mobile and IoT Devices
MediaTek, a prominent semiconductor company specializing in mobile, IoT, and multimedia chipsets, has announced the release of critical software patches to address multiple security vulnerabilities uncovered in its products. These vulnerabilities have the potential to compromise devices running MediaTek-powered chipsets,…
Malicious Python Packages Target Popular Cryptocurrency Library to Steal Sensitive Data
In a recent development, the ReversingLabs research team has uncovered a sophisticated software supply chain attack targeting developers of cryptocurrency applications. The attack involved the creation of two malicious Python packages, bitcoinlibdbfix and bitcoinlib-dev, which were uploaded to the Python…
50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation attack. This vulnerability, discovered by security researcher mikemyers through the Wordfence Bug Bounty Program, allows authenticated…
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT)…
Python JSON Logger Vulnerability Enables Remote Code Execution – PoC Released
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency, “msgspec-python313-pre,” which could be exploited by malicious actors…
Critical pgAdmin Flaw Allows Remote Code Execution
A severe Remote Code Execution (RCE) vulnerability in pgAdmin (CVE-2025-2945), the popular PostgreSQL database management tool, has been patched after researchers discovered attackers could hijack servers through malicious API requests. The flaw affects pgAdmin versions ≤9.1 and allows authenticated users…
Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands
Dell Technologies has released a security update addressing a critical vulnerability (CVE-2025-29987) in its PowerProtect Data Domain Operating System (DD OS). The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, posing a high security risk. Users are…