Privacy is the cornerstone of digital communication in today’s world, and platforms like WhatsApp consistently introduce features to enhance user security. One such feature is WhatsApp’s “View Once” option, which ensures that sensitive photos and videos disappear after being viewed…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows CLFS Buffer Overflow Vulnerability CVE-2024-49138 – PoC Released
A recently disclosed Windows kernel-level vulnerability, identified as CVE-2024-49138, has raised significant security concerns in the cybersecurity community. Leveraging a buffer overflow vulnerability within the Windows Common Log File System (CLFS), researchers have released a proof-of-concept (PoC) exploit, showcasing the critical risks…
Hackers Attacking Windows, macOS, and Linux systems With SparkRAT
Researchers have uncovered new developments in SparkRAT operations, shedding light on its persistent use in malicious campaigns targeting macOS users and government organizations. The findings, detailed in a recent report, underscore the evolving tactics of threat actors leveraging SparkRAT’s modular…
New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
Akamai’s Security Intelligence and Response Team (SIRT) has uncovered a novel variant of the Mirai-based botnet malware, dubbed Aquabotv3, actively targeting Mitel SIP phones via a critical vulnerability. This marks the third observed iteration of Aquabot, which now showcases unique…
Hellcat Ransomware Attacking Government Organizations & Educational Institutions
A new ransomware gang, Hellcat, emerged on dark web forums in 2024, targeting critical infrastructure, government organizations, educational institutions, and the energy sector. Operating on a ransomware-as-a-service (RaaS) model, Hellcat offers ransomware tools and infrastructure to affiliates in exchange for…
Researchers Jailbreaked DeepSeek R1 to Generate Malicious Scripts
Researchers have successfully jailbroken DeepSeek R1, a cutting-edge reasoning model originating from China. Dubbed a potential challenger to tech giants like OpenAI, DeepSeek R1 has garnered international attention for its impressive problem-solving abilities in mathematics, logic, and coding. However, the…
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution…
Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices…
FleshStealer: A new Infostealer Attacking Chrome & Mozilla Users
A newly identified strain of information-stealing malware, FleshStealer, is making headlines in 2025 due to its advanced evasion techniques and targeted data extraction capabilities. Flashpoint analysts have shed light on its operation, revealing a sophisticated tool that poses significant risk…
Windows 11 24H2 Update Bug: Users Report Disruptions in Web Camera and USB Devices
Windows 11 KB5050009 for version 24H2 has sparked widespread frustrations among users due to a slew of compatibility and functionality issues. Reports indicate that the update, which aims to introduce improvements and security fixes, has instead caused disruptions in Bluetooth…
Vulnerability in Airline Integration Service enables A Hacker to Gain Entry To User Accounts
A recent security vulnerability in a widely used airline integration service has exposed millions of users to account takeovers, raising concerns over the safety of online travel services. Security researchers from Salt Labs discovered the flaw, which enabled hackers to…
TP-Link Router Web Interface XSS Vulnerability – PoC Exploit Released
A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the…
PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely
A critical vulnerability in the Cacti performance monitoring framework, tracked as CVE-2025-22604, has been disclosed, with a proof-of-concept (PoC) exploit now publicly available. This vulnerability allows authenticated users with device management permissions to execute arbitrary code on the server by…
Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities
In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization. The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive…
Hackers Could Bypassing EDR Using Windows Symbolic Links to Disable Service Executables
A groundbreaking technique for exploiting Windows systems has emerged, combining the “Bring Your Own Vulnerable Driver” (BYOVD) approach with the manipulation of symbolic links. Security researchers have uncovered how this method can bypass Endpoint Detection and Response (EDR) mechanisms and…
TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware
Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a previously undocumented backdoor known as “TorNet.” This operation, believed to be orchestrated by a financially motivated threat actor, predominantly targets users in Poland and Germany through…
Microsoft Unveils Phishing Attack Protection for Teams Chat
Microsoft has taken a significant step toward enhancing cybersecurity by introducing a new phishing attack protection feature for Microsoft Teams. The feature aims to safeguard users from brand impersonation in chats initiated by external domains, a common tactic used by…
Apple Security Update – Patch for iOS Zero-day, MacOS & More
Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation. The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment…
New Phishing Scam Targets Amazon Prime Membership to Steal Credit Card Data
A recent investigation has uncovered a sophisticated phishing campaign leveraging malicious PDF files to redirect unsuspecting users to fake Amazon-branded phishing websites. Researchers from Unit 42 reported that this campaign utilizes PDFs containing embedded links as an initial lure to…
Hackers Use Hidden Text Salting to Bypass Spam Filters and Evade Detection
In the latter half of 2024, Cisco Talos identified a significant increase in email threats leveraging “hidden text salting,” also referred to as HTML poisoning. This deceptive yet effective technique enables cybercriminals to bypass email parsers, confuse spam filters, and…