Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Apple Inc. has officially opened applications for its highly anticipated Information Security Internship, aimed at students eager to dive into the dynamic world of cybersecurity. This opportunity is ideal for aspiring professionals looking to enhance their skills within one of…

Read more →

A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited by hackers to gain super-admin privileges on affected devices. The authentication bypass flaw, tracked as CVE-2024-55591, allows remote attackers to execute unauthorized code or commands via…

Read more →

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper…

Read more →

Microsoft’s January 2025 Patch Tuesday has arrived with a significant security update, addressing a total of 159 vulnerabilities. This marks the largest number of CVEs addressed in a single month since at least 2017, more than doubling the usual amount…

Read more →

Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its…

Read more →

Google has released a significant security update for its Chrome browser, addressing 16 vulnerabilities in version 132.0.6834.83/84 for Windows, Mac, and Linux platforms. This update, which will be rolled out over the coming days and weeks. While this security update…

Read more →

Are you trying to decide between public and private cloud solutions for your business? It’s not always easy to figure out which option is the best. Both have unique benefits, and your choice can significantly impact your business. This article…

Read more →

Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges. The company urges users to update their software immediately to mitigate potential…

Read more →

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet. The attacks, observed by Arctic Wolf between November and December 2024, exploit what is believed to be a zero-day vulnerability, allowing unauthorized access and…

Read more →

A critical flaw in Google’s “Sign in with Google” authentication system has left millions of Americans vulnerable to potential data theft. This vulnerability mainly affects former employees of startups, especially those that have ceased operations. According to Truffle Security, the…

Read more →

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass Apple’s System Integrity Protection (SIP). Known as CVE-2024-44243, this vulnerability could be exploited to load third-party kernel extensions, resulting in severe security implications for macOS users.…

Read more →

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new step-by-step guide designed to help organizations select and deploy secure operational technology (OT) products. The guide, titled “Secure by Demand:…

Read more →

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected users from accessing certain M365 applications, raising concerns for businesses…

Read more →

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims.  The attackers leverage social engineering tactics, often claiming imminent password expiration,…

Read more →

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server.  Evidence suggests…

Read more →

A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498. This vulnerability poses a significant security risk by allowing malicious applications to bypass the macOS Sandbox, a key security feature designed to isolate…

Read more →

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches. The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information. IBM has released a security bulletin detailing the…

Read more →

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…

Read more →

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging.  Password protection and encoding techniques further complicate analysis and evade early sandbox detection.…

Read more →

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database.  On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages.…

Read more →