A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely, posing severe risks to organizations and users globally. The vulnerability, rooted in a missing authentication mechanism for a critical Bing function, enabled…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Russian CryptoBytes Hackers Target Windows Machines with UxCryptor Ransomware
The SonicWall Capture Labs threat research team has identified continued activity from the Russian cybercriminal group CryptoBytes, which has been active since at least 2023. This financially motivated group is leveraging a ransomware strain named UxCryptor, which has gained notoriety…
Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign
A new variant of the Snake Keylogger, also known as 404 Keylogger, has been detected targeting users of popular web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox. FortiGuard Labs identified this threat using FortiSandbox v5.0 (FSAv5), a…
Hackers Converting Stolen Payment Card Data into Apple & Google Wallets
Cybercriminal groups, primarily based in China, are leveraging advanced phishing techniques and mobile wallet technologies to convert stolen payment card data into fraudulent Apple and Google Wallet accounts. This innovative approach has revitalized the underground carding industry, which had been…
Hackers Exploit Jarsigner Tool to Deploy XLoader Malware
Security researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a new campaign leveraging the legitimate JAR signing tool, jarsigner.exe, to distribute the XLoader malware. The attack employs a DLL side-loading technique, where malicious DLL files are placed alongside legitimate…
Russian Hackers Target Signal Messenger Users to Steal Sensitive Data
Russian state-aligned threat actors have intensified their efforts to compromise Signal Messenger accounts, targeting individuals of strategic interest, according to the Google Threat Intelligence Group (GTIG). These campaigns, primarily linked to Russia’s ongoing military operations in Ukraine, aim to intercept…
Mozilla Addresses High-Severity Memory Safety Vulnerabilities in Firefox 135.0.1
Mozilla released Firefox 135.0.1 on February 18, 2025, as an emergency security update to patch multiple high-severity memory safety vulnerabilities. The update specifically addresses CVE-2025-1414, a critical flaw that could enable arbitrary code execution and compromise user systems. This marks the…
Raymond IT Systems Hit by Cyber Attack, Authorities Investigating
Textile and apparel conglomerate Raymond Limited confirmed a cybersecurity breach affecting portions of its IT infrastructure on Wednesday, February 19, 2025, according to regulatory filings submitted to the BSE and NSE stock exchanges. The Mumbai-based company, whose operations span fabric…
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion…
CISA Warns of Active Exploitation of SonicWall SonicOS RCE Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of critical remote code execution (RCE) vulnerability in SonicWall’s SonicOS, tracked as CVE-2024-53704. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 19,…
CISA Issues Warning on Palo Alto PAN-OS Security Flaw Under Attack
CISA and Palo Alto Networks are scrambling to contain widespread exploitation of a critical authentication bypass vulnerability (CVE-2025-0108) affecting firewall devices running unpatched PAN-OS software. The Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities…
Surge in IRS and Tax-Themed Cyber Attacks Driven by Fresh Domain Registrations
The months of January through April, marking the U.S. tax season, have seen a sharp rise in malicious cyber activity targeting taxpayers. Broadcom’s Symantec Security Center has identified a surge in IRS and tax-themed phishing campaigns, smishing attacks, and fraudulent…
Russian Government Proposes Stricter Penalties to Tackle Cybercrime
The Russian government has unveiled sweeping legislative reforms aimed at curbing cybercrime, introducing stricter penalties, expansive law enforcement powers, and novel judicial measures. Approved on February 10, 2025, the amendments seek to modernize the nation’s cybersecurity framework amid rising digital…
Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely
A severe security vulnerability (CVE-2024-52577) in Apache Ignite, the open-source distributed database and computing platform, has been disclosed. The flaw enables remote attackers to execute arbitrary code on vulnerable servers by exploiting insecure deserialization mechanisms in specific configurations. First reported…
GPT-4o Copilot Covers More Than 30 Popular Programming Languages
GitHub has launched GPT-4o Copilot, a refined code completion model now available to Visual Studio Code users. Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories, the update marks a leap in multi-language support, performance accuracy, and contextual understanding…
CISA Issues Two New ICS Advisories Addressing Exploits and Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alerts on February 18, 2025, releasing two critical Industrial Control Systems (ICS) advisories targeting vulnerabilities in Delta Electronics’ CNCSoft-G2 and Rockwell Automation’s GuardLogix controllers. These advisories flagged under ICSA-24-191-01…
Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code & Gain System Access
Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities—including two critical heap buffer overflow flaws—that could enable attackers to execute arbitrary code and seize control of affected systems. The update (version 133.0.6943.126/.127 for Windows/Mac…
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation techniques, making it challenging to analyze and detect. Recently, cybersecurity researchers uncovered a new campaign…
Cybercriminals Embedded Credit Card Stealer Script Within ![]()
Tag
Cybersecurity researchers have uncovered a new MageCart malware campaign targeting e-commerce websites running on the Magento platform. This attack exploits <img> HTML tags to conceal malicious JavaScript skimmers, enabling cybercriminals to steal sensitive payment information while evading detection by security…
Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
A sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a…