A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client
SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate…
Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover
Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt…
Langflow AI Builder Vulnerability Allows Remote Server Takeover by Attackers
A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control. Security…
Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks
Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…
TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials
A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…
CatB Ransomware Abuses Microsoft Distributed Transaction Coordinator for Stealthy Payload Execution
The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware, also known as CatB99 or Baxtoy. First identified in late 2022, this strain has caught the eye of security analysts due to its sophisticated evasion techniques…
AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses
AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000…
APT32 Turns GitHub into a Weapon Against Security Teams and Enterprise Networks
Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team has meticulously analyzed this incident, which…
CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate…
Smokeloader Malware Operators Busted, Servers Seized by Authorities
In a major victory against cybercrime, law enforcement agencies across North America and Europe have dismantled the infrastructure behind the Smokeloader malware, a notorious pay-per-install (PPI) botnet service. This decisive action, a continuation of the groundbreaking Operation Endgame from May…
PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots
A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to…
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely
A sophisticated new red team technique dubbed “RemoteMonologue” has emerged, enabling attackers to remotely harvest NTLM credentials without deploying malicious payloads or accessing the Local Security Authority Subsystem Service (LSASS). As traditional methods of credential theft face increasing scrutiny from…
Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements
The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for…
PAN-OS Command Injection Flaw Lets Hackers Execute Arbitrary Code Remotely
Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated administrators on VM-Series firewalls to execute arbitrary commands with root privileges. The flaw, discovered internally, affects specific legacy PAN-OS versions and requires immediate patching for impacted users.…
OpenSSH 10.0 Released: New Protocol Changes and Key Security Improvements
The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide…
Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this…
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a…
SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool
The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of…