A series of misconfigured web servers have been uncovered, revealing a treasure trove of publicly accessible tools and tactics employed by malicious actors targeting critical infrastructure. These exposed open directories, discovered through Hunt’s advanced scanning capabilities, highlight a significant security…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Surge in XSS Cyberattacks Targets Popular Webmail Platforms, ESET Reports
A recent report from ESET has uncovered a sophisticated cyber espionage campaign by the Russia-aligned Sednit group, targeting high-value webmail platforms through cross-site scripting (XSS) attacks. Dubbed Operation RoundPress, this operation has compromised popular webmail services such as Roundcube, Horde,…
Microsoft Announces New Graph Powered Detection of Hybrid Attack Targeting Organizations
Microsoft has unveiled a groundbreaking advancement in cybersecurity with the integration of the Enterprise Exposure Graph into its threat detection and response capabilities. This cutting-edge solution, part of Microsoft Defender XDR and Microsoft Security Exposure Management (MSEM), is designed to…
Iranian Hacktivist Attacking Israeli Military, Government, and Infrastructure Targets
Over 35 different pro-Iranian hacktivist organizations launched a coordinated attack on Israeli military, government, and key infrastructure targets in a dramatic escalation of cyberwarfare. This surge in activity starkly contrasts with the limited response from just 4-5 identified pro-Israeli groups,…
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware
China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation by hacker groups, have compromised at least 695 servers worldwide,…
Cyberattack Disrupts Russian Dairy Supply Chain by Targeting Animal Certification System
In a Russia’s dairy supply chain, a suspected cyberattack has targeted the Mercury component of the national veterinary certification system, forcing it into emergency operation mode. This critical system, integral to the processing of veterinary accompanying documents, ensures the traceability…
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since…
Beware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RAT
A newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file. This deceptive campaign delivers a customized version of…
Mocha Manakin Uses Paste-and-Run Technique to Deceive Users into Downloading Malware
A malicious campaign tracked as Mocha Manakin has been identified employing the deceptive “paste-and-run” technique to trick unsuspecting users into executing harmful scripts. First observed in August 2024 and actively monitored since January 2025 by security researchers at Red Canary,…
Threat Actors Manipulate Google Search Results to Display Scammer’s Phone Number Instead of Real Number
Threat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft deceptive advertisements that mimic legitimate websites, particularly targeting popular brands and tech support services. By…
Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered by researchers at an offensive security consultancy. Discovered by Technical Director Marcio Almeida and Head…
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct…
TxTag Phishing Campaign Exploits .gov Domain to Deceive Employees
A new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified by the Cofense Phishing Defense Center (PDC), this campaign manipulates the GovDelivery system a legitimate…
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory…
Massive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 Seconds
The internet witnessed a new record in cyberattacks last month as Cloudflare, blocked the largest distributed denial-of-service (DDoS) attack ever recorded. The attack peaked at an astonishing 7.3 terabits per second (Tbps), overwhelming its target with 37.4 terabytes of data…
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstrated using real-world tools…
AntiDot 3-in-1 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot is marketed as a “3-in-1”…
Oxford City Council Hit by Cyberattack Exposing Employee Personal Data
Oxford City Council has confirmed it was the target of a sophisticated cyberattack that resulted in the exposure of personal data belonging to employees, including those involved in council-administered elections over the past two decades. The council detected an unauthorised…
GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps
Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware…
Versa Director Flaws Let Attackers Execute Arbitrary Commands
A newly disclosed set of vulnerabilities in Versa Networks’ SD-WAN orchestration platform, Versa Director, with the flaws enabling authenticated attackers to upload malicious files and execute arbitrary commands on affected systems. The vulnerabilities, tracked as CVE-2025-23171 and CVE-2025-23172, stem from…