A recent cybersecurity incident has highlighted the sophisticated methods used by hackers to target web applications, particularly in South Korea. The attackers leveraged a combination of tools, including Cobalt Strike, SQLMap, dirsearch, and Web-SurvivalScan, to exploit vulnerabilities and gain unauthorized…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Severe AMI BMC Vulnerability Enables Remote Authentication Bypass by Attackers
A critical vulnerability has been discovered in AMI’s MegaRAC software, which is used in Baseboard Management Controllers (BMCs) across various server hardware. This vulnerability, identified as CVE-2024-54085, allows attackers to bypass authentication remotely, posing a significant risk to cloud infrastructure…
11 State-Sponsored Threat Actors Exploit 8-Year-Old Windows Shortcut Flaw
Cybersecurity researchers have discovered that multiple state-sponsored threat actors have been exploiting an eight-year-old vulnerability in Windows shortcut files. This security flaw, identified as ZDI-CAN-25373, allows malicious actors to embed hidden commands within .lnk files, which can execute when opened,…
MirrorFace Hackers Modify AsyncRAT Execution for Stealthy Deployment in Windows Sandbox
In a significant development, the China-aligned advanced persistent threat (APT) group known as MirrorFace has been observed employing sophisticated tactics to enhance the stealthiness of its attacks. Recently, MirrorFace modified the execution of AsyncRAT, a publicly available remote access trojan…
CISA Warns of Supply-Chain Attack Exploiting GitHub Action Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical supply-chain attack affecting a widely used third-party GitHub Action: tj-actions/changed-files. This action, exploited under CVE-2025-30066, is designed to identify changes in files during pull requests or…
Advanced Cyber Attack Exploits Booking Websites to Deploy LummaStealer Malware
A sophisticated cyberattack has been uncovered, targeting booking websites to spread the LummaStealer malware. This campaign leverages fake CAPTCHA prompts and social engineering techniques to deceive users into executing malicious commands on their systems. LummaStealer, an info-stealer malware operating under…
Critical Synology Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical vulnerability affecting Synology’s DiskStation Manager (DSM) has been disclosed, allowing remote attackers to execute arbitrary code on vulnerable systems. This severe issue, identified as CVE-2024-10441, has been reported in multiple DSM versions, including DSM 6.2, 7.1, 7.2, and…
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like…
CISA Issues Security Warning on Fortinet FortiOS Authentication Bypass Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical security warning regarding a severe vulnerability in Fortinet’s FortiOS and FortiProxy systems. Specifically, CVE-2025-24472, an authentication bypass vulnerability, poses a significant threat as it allows remote attackers to gain super-admin…
New ClearFake Variant Uses Fake reCAPTCHA to Deploy Malicious PowerShell Code
A recent variant of the ClearFake malware framework has been identified, leveraging fake reCAPTCHA and Cloudflare Turnstile verifications to deceive users into executing malicious PowerShell code. This evolution marks a significant shift in how ClearFake exploits Web3 capabilities to deliver…
MirrorGuard: Adaptive Defense Mechanism Against Jailbreak Attacks for Secure Deployments
A novel defense strategy, MirrorGuard, has been proposed to enhance the security of large language models (LLMs) against jailbreak attacks. This approach introduces a dynamic and adaptive method to detect and mitigate malicious inputs by leveraging the concept of “mirrors.”…
Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices
Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices, particularly in the era of the Internet of Things (IoT). These attacks exploit information leakages through physical parameters such as EM radiation, which is emitted by…
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts to trick users into transferring their funds to wallets controlled by attackers through a deceptive “mandatory wallet migration” scheme. How…
Hackers Exploit Hard Disk Image Files to Deploy VenomRAT
In a recent cybersecurity threat, hackers have been using virtual hard disk image files (.vhd) to distribute the VenomRAT malware, exploiting a novel technique to bypass security measures. This campaign begins with a phishing email that uses a purchase order…
New BitM Attack Enables Hackers to Hijack User Sessions in Seconds
A recent threat intelligence report highlights the emergence of a sophisticated cyberattack technique known as Browser-in-the-Middle (BitM), which allows hackers to hijack user sessions across various web applications in a matter of seconds. This method exploits the inherent functionalities of…
Microsoft Warns of StilachiRAT Stealing Remote Desktop Protocol Session Data
Microsoft has recently issued a warning about a novel remote access trojan (RAT) known as StilachiRAT, which poses significant threats to system security by stealing sensitive data, including credentials and cryptocurrency information. This sophisticated malware was discovered by Microsoft Incident…
DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide
The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a “Document Viewing Authentication App” to deceive users into installing it on their Android devices. This sophisticated malware is suspected to…
Squid Werewolf Mimics Recruiters to Target Job Seekers and Steal Personal Data
In a sophisticated phishing campaign uncovered by the BI.ZONE Threat Intelligence team, the Squid Werewolf group, also known as APT37, has been impersonating recruiters to target key employees in various organizations. This espionage cluster uses fake job opportunities to lure…
Hackers Use DLL Side-Loading to Deploy Malicious Python Code
A recent discovery by Xavier Mertens, a senior handler at the Internet Storm Center, has highlighted a sophisticated attack where hackers utilize DLL side-loading to deploy malicious Python code. This technique involves tricking an application into loading a malicious DLL…
Bybit Hack: Details of Sophisticated Multi-Stage Attack Uncovered
The Bybit hack, which occurred on February 21, 2025, has been extensively analyzed by multiple cybersecurity teams, including Sygnia. This attack exposed significant security vulnerabilities across various domains, including macOS malware, AWS cloud compromise, application security, and smart contract security.…