The popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers. However, after significant scrutiny, the legitimate version has been…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks
A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw allows unauthenticated attackers to exploit a PHP Object Injection vulnerability through deserialization of untrusted input.…
iPhone Shares Photo Data With Apple by Default
A recent blog post by developer Jeff Johnson has brought to light a new feature in Apple’s Photos app within the recently launched iOS 18. Titled “Enhanced Visual Search,” this toggle permits iPhones to transmit photo data to Apple by…
Stealthy Steganography Backdoor Attacks Target Android Apps
BARWM is a novel backdoor attack approach for real-world deep learning (DL) models deployed on mobile devices. Existing backdoor attacks often suffer from limitations such as altering the model structure or relying on easily detectable, sample-agnostic triggers. By utilizing DNN-based steganography…
Windows 11 BitLocker Bypassed to Extract Encryption Keys
An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption. The effectiveness of this attack is, however, limited because the…
Weaponized Python Scripts Deliver New SwaetRAT Malware
The Python script leverages low-level interactions with the Windows operating system by importing libraries like `System.Reflection`, `ctypes`, and `wintypes`, enabling it to directly invoke Windows APIs. This allows the script to manipulate system behavior at a fundamental level, potentially…
The Defender vs. The Attacker Game
The researcher proposes a game-theoretic approach to analyze the interaction between the model defender and attacker in trigger-based black-box model watermarking. They design payoff functions for both players and determine the optimal strategies for each player, which provides a theoretical…
Garak – An Open Source LLM Vulnerability Scanner for AI Red-Teaming
Garak is a free, open-source tool specifically designed to test the robustness and reliability of Large Language Models (LLMs). Inspired by utilities like Nmap or Metasploit, Garak identifies potential weak points in LLMs by probing for issues such as hallucinations,…
Malicious npm Packages Stealing Developers’ Sensitive Data
Attackers published 20 malicious npm packages impersonating legitimate Nomic Foundation and Hardhat plugins. These packages, downloaded over 1,000 times, compromised development environments, potentially backdoored production systems, and resulted in financial losses. They utilize Ethereum smart contracts, such…
Cybersecurity Firm Tenable’s CEO “Amit Yoran” has Died at 54
Tenable Holdings, Inc. has confirmed the passing of its esteemed Chairman and Chief Executive Officer, Amit Yoran, who succumbed to cancer on January 3, 2025. Yoran, aged 54, was a distinguished figure in the cybersecurity realm, known for his visionary…
Windows Registry Privilege Escalation Vulnerability – PoC Released
Researchers have released a proof of concept (PoC) exploit for a critical privilege escalation vulnerability affecting Microsoft Windows. This vulnerability, CVE-2024-43452, allows attackers to gain elevated privileges on a compromised system, potentially leading to unchecked access to sensitive data and…
How Learning Experience Platforms Are Transforming Training
Within today’s fast-changing global society, effective training is vital for personal and professional success. However, traditional methods often do not provide enough flexibility or personalization options. In light of this, learning experience platforms (LXPs) have revolutionized how organizations and individuals…
Tenable CEO “Amit Yoran” Passed Away at the Age of 54
Tenable Holdings, Inc. has announced with profound sadness the unexpected passing of its Chairman and Chief Executive Officer, Amit Yoran, who succumbed to a battle with cancer on January 5, 2025. A visionary leader, Yoran was a pioneer in the…
North Korean Hackers Wipe Cryptocurrency Wallets via Fake Job Interviews
Cybersecurity experts have uncovered a new wave of cyberattacks linked to North Korean threat actors targeting cryptocurrency wallets in an operation dubbed the “Contagious Interview” campaign. The attackers employ sophisticated phishing tactics under the guise of job interviews, exploiting platforms…
LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware
LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions, which can manipulate emails, track browsing, and even transform infected browsers into proxies for attackers, enabling them to browse the web with the victim’s credentials.…
Hackers Using AWS Tools To Exploit Compromised Credentials
Security researchers have observed consistent activity from a threat actor dubbed “EC2 Grouper,” which is responsible for numerous cloud compromises and exhibits a distinct modus operandi. EC2 Grouper consistently employs specific user agents and adheres to a unique security group…
ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands
In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices. ASUS has advised users to…
Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit
Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging that its Siri voice assistant infringed on users’ privacy by recording private conversations without their consent. The preliminary settlement, filed in federal court in Oakland,…
NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours
NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption on January 2, 2025, after a Distributed Denial of Service (DDoS) attack targeted its network infrastructure. The attack resulted in widespread service irregularities affecting customers…
iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data
A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive user data, underscores the importance of timely updates and vigilant…
New PLAYFULGHOST Malware Hacking Devices To Remotely Capture Audio Recordings
PLAYFULGHOST, a Gh0st RAT variant, uses distinct traffic patterns and encryption. It spreads via phishing emails and SEO poisoning of bundled applications, and enables keylogging, screen capture, and other malicious remote access capabilities. A phishing campaign employed a .jpg file as…
PoC Exploit Released For Critical Windows LDAP RCE Vulnerability
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers. A zero-click exploit crafts malicious LDAP requests that, sent without any user interaction, trigger a memory corruption vulnerability within the LDAP service. …
Windows 11 BitLocker Encryption Bypassed to Extract Full Volume Encryption Keys
A cybersecurity researcher has demonstrated a method to bypass BitLocker encryption on Windows 11 (version 24H2) by extracting full volume encryption keys (FVEK) from memory. Using a custom-built tool named Memory-Dump-UEFI, the researcher was able to retrieve sensitive cryptographic keys to…
Researchers Uncover Phishing-As-A-Service Domains Associated With Tycoon 2FA
The Tycoon 2FA platform is a Phishing-as-a-Service (PhaaS) tool that enables cybercriminals to easily launch sophisticated phishing attacks targeting two-factor authentication (2FA). It provides a service that simplifies the process for attackers and offers an intuitive interface, allowing for the…
SmuggleShield – Browser Extension to Detect HTML Smuggling Attacks
SmuggleShield, a recently launched browser extension, is gaining attention in the cybersecurity space for its innovative approach to mitigating HTML smuggling attacks. With its stable version (2.0) now available, SmuggleShield provides an additional layer of protection for everyday internet users,…
EC2 Grouper Hackers Using AWS Tools To Exploit Compromised Credentials
Cloud security researchers have uncovered alarming trends in identity compromises within Amazon Web Services (AWS) environments. Among the most prolific threat actors is a group dubbed “EC2 Grouper,” known for exploiting compromised credentials to carry out sophisticated attacks using AWS…
Trend Micro Apex One Vulnerabilities Let Attackers Escalate Privileges
Trend Micro has addressed six high-severity vulnerabilities in its Apex One and Apex One as a Service product, which could allow attackers to escalate privileges on affected Windows systems. These vulnerabilities were disclosed under the Common Vulnerabilities and Exposures (CVE) system and have been…
US Army Soldier Arrested for Allegedly Selling Customer Call Records From AT&T & Verizon
A 20-year-old U.S. Army soldier, Cameron John Wagenius, has been arrested and indicted by federal authorities for allegedly selling confidential customer call records stolen from major telecommunications companies AT&T and Verizon. Known online as “Kiberphant0m,” Wagenius was apprehended near an…
D-Link Warns of Botnets Exploiting End-of-Life Routers
D-Link warned users of several legacy router models about known vulnerabilities actively exploited by botnets. These devices, which have reached End-of-Life (EOL) and End-of-Service (EOS), are at heightened risk of being targeted by malware strains known as “Ficora” and “Capsaicin.”…
New Stealthy Malware Leveraging SSH Over TOR Attacking Ukrainian Military
Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” application websites, which host a malicious installer that, upon execution, extracts the legitimate application alongside the Tor browser. The installer includes a PowerShell script that indicates the…
DrayTek Devices Vulnerability Lets Attackers Execute Arbitrary Commands Remotely
DrayTek Gateway devices, specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability. The flaw is exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint: attackers can inject arbitrary commands into the system by manipulating the session parameter within a crafted…
CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2024-3393, this flaw has been observed in active exploitation, putting systems at risk of remote disruption. CVE-2024-3393:…
US Treasury Department Breach, Hackers Accessed Workstations
The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department, gaining unauthorized access to employee workstations and unclassified documents. This revelation follows a string of sophisticated surveillance operations targeting key American institutions. The intrusion, attributed…
TrueNAS CORE Vulnerability Let Attackers Execute Remote Code
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems. The vulnerability, CVE-2024-11944, allows network-adjacent attackers to execute arbitrary code on…
NFS Protocol Security Bypassed To Access Files From Remote Server
The NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and Kerberos, which provides cryptographic verification. While Kerberos offers strong security, its Linux configuration can be complex, and emerging standards like RPC over TLS aim to simplify…
Hackers Weaponize Websites With LNK File To Deliver Weaponized LZH File
The watering hole attack leverages a compromised website to deliver malware. When a user visits the infected site, their system downloads an LZH archive containing an LNK file, where executing this LNK file triggers a malware infection. An infected website…
New Botnet Exploiting D-Link Routers To Gain Control Remotely
Researchers observed a recent surge in activity from “FICORA” and “CAPSAICIN,” variants of Mirai and Kaiten respectively, which exploit known vulnerabilities in D-Link routers, including models with outdated firmware such as the DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. Attackers leverage the…
SquareX Researchers Uncover OAuth Vulnerability in Chrome Extensions Days Before Major Breach
SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On December 25th,…
New 7-Zip 0-Day Exploit Leaked That Allows Attackers to Control Victim Devices Remotely
A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee. The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could…
PoC Exploit Released for Oracle WebLogic Server Vulnerability
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server. The flaw tracked as CVE-2024-21182, poses a significant risk to organizations using the server, as it allows an unauthenticated attacker with…
Microsoft Warns of Windows 11 24H2 Issue that Blocks Windows Security Updates
Microsoft has issued a warning about a significant issue impacting devices running Windows 11, version 24H2, that could block essential Windows Security updates. The problem arises when users install this version of the operating system using media—such as CDs or…
Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access
A significant post-authentication vulnerability affecting Four-Faith industrial routers has been actively exploited in the wild. Assigned CVE-2024-12856, this flaw allows attackers to execute unauthenticated remote command injections by leveraging the routers’ default credentials. Details of the exploitation: the vulnerability impacts…
Cyberhaven Hacked – Chrome Extension With 400,000 users Compromised
Cyberhaven, a prominent cybersecurity company, disclosed that its Chrome extension with 400,000+ users was targeted in a malicious cyberattack on Christmas Eve 2024, as part of a broader campaign affecting multiple Chrome extension developers. CEO Howard Ting announced the incident…
AT&T and Verizon Hacked – Salt Typhoon Compromised The Network For High Profiles
AT&T and Verizon Communications, two of America’s largest telecommunications providers, have confirmed they were targeted by the China-linked Salt Typhoon hacking operation, though both companies now report their networks are clear of the intrusion. In a statement released Saturday, Dallas-based…
Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets, causing denial-of-service (DoS) conditions. The issue has been actively exploited,…
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its…
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical nation-sponsored attacks. While primarily associated with BeaverTail and InvisibleFerret malware, SOCs have recently observed OtterCookie deployed within this campaign. OtterCookie…
Lumma Stealer Attacking Users To Steal Login Credentials From Browsers
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised EXE installer, as analysis revealed a parent-child relationship between these samples, all of which communicated with the same C2 server. The Lumma Stealer Trojan, observed…
Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner
Threat Analysts have reported alarming findings about the “Araneida Scanner,” a malicious tool allegedly based on a cracked version of Acunetix, a renowned web application vulnerability scanner. The tool has been linked to illegal activities, including offensive reconnaissance, scraping user…
A Dark Web Operation Acquiring KYC Details to Bypass Identity Verification Systems
A major dark web operation is dedicated to circumventing KYC (Know Your Customer) procedures through the systematic collection and exploitation of genuine identity documents and images. Attackers utilize these resources to develop and sell techniques for bypassing identity verification systems,…
McDonald’s Delivery App Bug Let Customers Order for Just $0.01
McDonald’s India (West & South) / Hardcastle Restaurants Pvt. Ltd. operates a custom McDelivery web app for ordering McDonald’s food for delivery, dine-in, and takeout. The app is popular, with over 10 million downloads on Google Play and #16 in…
Brazilian Hacker Arrested Hacking Computers & Selling Data
A Brazilian man, Junior Barros De Oliveira, has been charged with multiple counts of cybercrime and extortion for hacking into the computer systems of a Brazilian subsidiary of a New Jersey-based company and attempting to extort millions in Bitcoin. The…
Beware of New Malicious PyPI Packages That Steal Login Details
Two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, were recently detected by Fortinet’s AI-driven OSS malware detection system. These packages, spotted on November 16 and November 24, 2024, respectively, represent significant threats to users by leveraging advanced malware techniques. These findings…
Adobe Warns of ColdFusion Vulnerability That Allows Attackers to Read Arbitrary Files
Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial…
Researchers Uncovered Dark Web Operation Acquiring KYC Details
A major dark web operation is dedicated to circumventing KYC (Know Your Customer) procedures through the systematic collection and exploitation of genuine identity documents and images. Attackers utilize these resources to develop and sell techniques for bypassing identity verification systems,…
Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online
Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian government’s Regional Financial Management Information System (Sistem Informasi Pengelolaan Keuangan Daerah, or SIPKD). This system is operated by the Badan Pendapatan, Pengelolaan Keuangan, dan Aset…
IBM AIX TCP/IP Vulnerability Lets Attackers Launch Denial-of-Service Attacks
IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system that could potentially lead to denial-of-service (DoS) attacks. The affected kernel extensions, perfstat and TCP/IP, present risks to systems running on AIX 7.2, AIX 7.3, VIOS 3.1,…
USA Launched Cyber Attack on Chinese Technology Firms
The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage targeting Chinese technology companies and research institutions. These attacks, suspected to be orchestrated by U.S. intelligence agencies, aimed to steal sensitive commercial secrets and intellectual…
Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. The flaw, identified as CVE-2024-43441, could potentially allow authentication bypass due to an issue with assumed-immutable data in JWT tokens. The vulnerability impacts versions…
Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote code execution (RCE) and privilege escalation attacks. The vulnerability, assigned CVE-2024-56334, highlights the importance of secure coding practices when dealing with…
BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial sample (MD5 14f6c034af7322156e62a6c961106a8c) provided valuable insights into its version and development timeline. A second suspicious sample on the same machine, while exhibiting similar functionality to…
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate tools. The threat actor, “k303903,” compromised hundreds of machines before the packages were removed. Subsequent analysis revealed that “k303903” likely…
Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access
A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” These actors are targeting and compromising Unitronics Vision Series programmable logic controllers (PLCs), specifically those manufactured…
DigiEver IoT Devices Exploited To Deliver Mirai-based Malware
A new Mirai-based botnet, “Hail Cock Botnet,” has been exploiting vulnerable IoT devices, including DigiEver DVRs and TP-Link devices with CVE-2023-1389. The botnet, active since September 2024, leverages a variant of Mirai malware with enhanced encryption. A recent uptick in…
New Python NodeStealer Attacking Facebook Business To Steal Login Credentials
NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets Facebook Ads Manager accounts, stealing sensitive financial and business data in addition to credit card details and browser information. The malware is delivered through spear-phishing…
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide
The Lazarus Group has recently employed a sophisticated attack, dubbed “Operation DreamJob,” to target employees in critical sectors like nuclear energy, which involves distributing malicious archive files disguised as legitimate job offers. Once executed, these files unleash a multi-stage infection…
Malicious Apps on Amazon Appstore Record the Screen and Intercept OTP Verifications
A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names and incoming SMS messages, posing a significant privacy threat. The BMI calculator app conceals malicious…
North Korean Hackers Stole $2.2 Billion from Crypto Platforms in 2024
North Korean hackers are estimated to have stolen a staggering $2.2 billion in 2024, up 21% from 2023. With advanced tactics and increasing sophistication, the Democratic People’s Republic of Korea (DPRK) has positioned itself as a dominant force in crypto…
17M Patient Records Stolen in Ransomware Attack on Three California Hospitals
A staggering 17 million patient records, containing sensitive personal and medical information, have been stolen in a devastating ransomware attack on PIH Health. The cyberattack, which began on December 1, has disrupted operations at three hospitals: PIH Health Downey Hospital,…
WhatsApp Wins Pegasus Spyware Hacking Lawsuit Against NSO After 5 Years
After a prolonged legal battle stretching over five years, WhatsApp has triumphed over NSO Group in a significant lawsuit concerning the use of Pegasus spyware. The verdict, handed down by the United States District Court for the Northern District of…
PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool
GBHackers came across a new ChatGPT-powered penetration testing tool called “PentestGPT” that helps penetration testers automate their pentesting operations. PentestGPT has been released on GitHub by the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…
Threat Actors Selling Nunu Stealer On Hacker Forums
A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums and Telegram channels. Priced at $100 per month, this malicious tool is gaining attention for its extensive capabilities and potential to wreak havoc on individuals…
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
A critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code. The flaw, designated CVE-2024-49775, is a heap-based buffer overflow vulnerability. Siemens has issued Security Advisory SSA-928984 and urges customers…
Foxit PDF Editor Vulnerabilities Allow Remote Code Execution
Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor. The updates—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—were released on December 17, 2024, to counter vulnerabilities that could leave…
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level. Security researcher Alex Birnberg showcased the exploit during the renowned TyphoonPWN 2024 cybersecurity competition, securing…
NetWalker Ransomware Operator Sentenced to 20 Years in Prison
A Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks. The sentencing, which took place in the Middle District of Florida, also included a forfeiture order of $21.5 million in…
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing…
CISA Releases Eight New ICS Advisories to Defend Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting Industrial Control Systems (ICS). These vulnerabilities impact critical software and hardware across various industries, posing risks of service disruption, unauthorized access, and malicious code execution.…
NotLockBit – Previously Unknown Ransomware Attacks Windows & macOS
A new and advanced ransomware family, dubbed NotLockBit, has emerged as a significant threat in the cybersecurity landscape, closely mimicking the behavior and tactics of the notorious LockBit ransomware. NotLockBit notably distinguishes itself by being one of the first ransomware…
BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes
BADBOX is a cybercriminal operation that infects Android devices like TV boxes and smartphones with malware before sale. These devices are often sold through reputable retailers and pose a significant threat to users because the malicious software is pre-installed, making detection challenging.…
Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload
TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing a RAR archive, which included a decoy PDF, a malicious LNK file disguised as a PDF, and an ADS file with PowerShell code. This technique,…
Malicious Supply Chain Attacks Moving From the npm Community to the VSCode Marketplace
Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute…
Beware of Malicious SharePoint Notifications That Deliver XLoader Malware
Researchers identified a sophisticated malware delivery campaign that uses XLoader and impersonates SharePoint notifications. The emails, sent out at the…, included a link disguised as a legitimate SharePoint notification.
Europol Details How Cyber Criminals Exploit Legal Businesses for Their Economy
Europol has published a groundbreaking report titled “Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks Abuse Legal Business Structures.” The report uncovers the alarming extent to which organized crime groups exploit legitimate business structures to strengthen their power, evade law…
CISA Proposes National Cyber Incident Response Plan
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on the draft. This highly anticipated revision, outlined in a pre-decisional public comment draft released this month,…
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning about ongoing malicious cyber activities by advanced persistent threat (APT) actors affiliated with Iran’s Islamic Revolutionary…
Next.js Vulnerability Let Attackers Bypass Authentication
A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication under specific circumstances. The issue, cataloged as CVE-2024-51479, affects versions from 9.5.5 up to 14.2.14. Developers using these versions must quickly upgrade…
CISA Issues Secure Practices for Cloud Services to Strengthen U.S. Federal Agencies
In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services. This directive mandates federal civilian agencies to adopt stringent security measures for…
Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux. This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming…
Fortinet Critical Vulnerabilities Let Attackers Inject Commands Remotely
Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two critical vulnerabilities affecting its FortiManager and FortiWLM products. The vulnerabilities, which can allow unauthorized code execution and sensitive file read access, demand immediate attention to…
Chrome Security Update, Patch for Multiple Security Flaws
CISA Released Secure Mobile Communication Best Practices – 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to safeguard mobile communications amid rising concerns over cyber espionage activities linked to People’s Republic of China (PRC)-affiliated threat actors. These malicious actors have been targeting commercial…
New VIPKeyLogger Via Weaponized Office Documents Steals Login Credentials
The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure. It targets sensitive…
INTERPOL Urges an End to “Pig Butchering” and Replaces It With “Romance Baiting”
INTERPOL has called for the term “romance baiting” to replace “pig butchering,” a phrase widely used to describe a manipulative scam where victims are emotionally exploited and financially defrauded. The international law enforcement organization emphasizes that the new term fosters…
New I2PRAT Malware Uses Encrypted Peer-to-Peer Communication to Evade Detection
Cybersecurity experts are sounding the alarm over a new strain of malware dubbed “I2PRAT,” which leverages encrypted peer-to-peer (P2P) communication via the Invisible Internet Project (I2P) network to avoid detection. The malware, first reported on November 19 by the researcher…
Earth Koshchei Employs RDP Relays and Rogue RDP Servers in Server Attacks
A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought rogue Remote Desktop Protocol (RDP) attacks to the forefront of cybersecurity concerns. Leveraging a combination of RDP relays, rogue RDP servers, and custom malicious configuration…
1-Click RCE Attack in Kerio Control UTM Allows Attackers to Gain Firewall Root Access Remotely
GFI Software’s Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affect versions 9.2.5 through 9.4.5 and could potentially allow attackers to inject malicious code into web pages, leading to cross-site scripting…
RiseLoader Attacks Windows Using VMProtect to Drop Multiple Malware Families
RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary protocol similar to RisePro for downloading and executing second-stage payloads. Despite RisePro’s development discontinuation in June 2024, RiseLoader’s emergence suggests a potential connection to the threat…
Careto – A Legendary Threat Group Targets Windows by Deploying a Microphone Recorder and Stealing Files
Recent research has linked a series of cyberattacks to The Mask group. One notable attack targeted a Latin American organization in 2022, where attackers compromised the organization’s MDaemon email server and exploited the WorldClient webmail component to maintain persistent…
Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns
Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations. Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts. Google…