Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as the actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110, where these malicious ads, when clicked, redirect…

Read more →

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact…

Read more →

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel and the US, have been attributed to the Iranian-backed CyberAv3ngers.  The attacks, leveraging a custom-built malware named IOCONTROL, exploit vulnerabilities in IoT and OT devices,…

Read more →

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to gain remote access to victim systems. Utilizing sophisticated social engineering tactics, these malicious actors pose as legitimate employees or trusted contacts, leveraging video calls on…

Read more →

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago. This surge in cyber threats underscores the urgent need for more robust authentication methods, with passkeys…

Read more →

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago. This surge in cyber threats underscores the urgent need for more robust authentication methods, with passkeys…

Read more →

Bulletproof hosting services, a type of dark internet service provider, offer infrastructure to cybercriminals, facilitating malicious activities like malware distribution, hacking attacks, fraudulent websites, and spam.  These services evade legal scrutiny, posing a significant challenge to global cybersecurity. Understanding and…

Read more →

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware disguises itself as essential utility services to trick users into providing sensitive information.  The malware has already compromised 419 devices, intercepted 4,918 SMS messages, and stolen…

Read more →

Researchers discovered multiple vulnerabilities in Ruijie Networks’ cloud-connected devices. By exploiting these vulnerabilities, attackers can remotely compromise access points, gain unauthorized access to internal networks, and execute arbitrary code on affected devices.  The “Open Sesame” attack demonstrates a practical scenario…

Read more →

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from pprof endpoints, and potential code execution threats, which could lead to data breaches, system outages, and unauthorized access. Vulnerable Prometheus servers are exposed to internet…

Read more →

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria to the District of Nebraska. The extradition follows a Conspiracy to Commit Wire Fraud indictment filed against Kayode in August 2019. This case highlights international cooperation…

Read more →

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose affected systems to exploitation by malicious actors. Customers are strongly encouraged to review the findings and update their systems accordingly. This update includes remediation for two…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products. Released on December 12, 2024, these advisories expose multiple flaws in Siemens’ hardware and software platforms critical to industrial control systems (ICS).…

Read more →

The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online marketplace that facilitated the buying and selling of stolen personal information and cybercrime tools. Alongside the crackdown, law enforcement arrested three key administrators linked to the…

Read more →

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor…

Read more →

Researchers discovered a new variant of the AntiDot banking trojan targeting Android mobile devices through a mobile-phishing (mishing) campaign, where this variant builds upon the version identified by Cyble in May 2024.  The attackers leverage social engineering tactics, posing as…

Read more →

Wuhan Chinasoft Token Information Technology Co., Ltd. developed EagleMsgSpy, a surveillance tool operational since 2017, which, installed as an APK, secretly collects extensive user data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and network activity.  Because…

Read more →

Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine plugin, compromised systems by monitoring keystrokes, clipboard data, and executing remote commands.  They leveraged a…

Read more →

Researchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering, and phishing login pages targeting luxury brands.  The gambling sites use algorithmically generated domains and…

Read more →

A stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute system commands on compromised hosts remotely. This innovative project, designed with Red Team operations in mind, uses Teams messages for…

Read more →