EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. ShinyHunters is very…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
SonicWall Advises Users to Reset Logins After Config Backup Leak
SonicWall has alerted its customers to reset all login credentials after a recent leak exposed firewall configuration backups. The vendor emphasizes three critical stages—containment, remediation, and monitoring—to minimize risk and restore secure access. Users should follow each stage in order,…
Insight Partners Confirms Data Breach Exposing Users’ Personal Data
Insight Partners, a global venture capital and private equity firm, has officially confirmed a significant data breach that exposed personal information of individuals connected to the company. The breach notification reveals sophisticated attack methods and a months-long timeline that has…
Splunk Publishes Guide to Spot Remote Work Fraud in Organizations
Splunk today unveiled a comprehensive guide designed to empower security teams to detect Remote Employment Fraud (REF) during the critical onboarding phase—when imposters have already passed through HR vetting and background checks and gained network access. Building on the inaugural…
Hackers Target Facebook Accounts in Latest Phishing Attack
A newly discovered phishing campaign is exploiting Facebook’s external URL warning feature to dupe users into handing over their login credentials. By abusing Facebook’s “You’re about to leave Facebook” redirect mechanism, attackers can conceal malicious URLs behind the social media…
PureVPN Vulnerability Reveals IPv6 Address While Reconnecting to Wi-Fi
A critical security vulnerability has been discovered in PureVPN’s Linux clients that exposes users’ real IPv6 addresses during network reconnections, undermining the privacy protections that users expect from their VPN service. The vulnerability affects both the graphical user interface (GUI…
Russian CopyCop Network Expands: 200+ Fake News Sites Target US, Canada, and France
The Russian covert influence network known as CopyCop has significantly expanded its disinformation operations, creating over 200 new fake websites since March 2025 to target audiences in the United States, France, and Canada. Digital fingerprint over the Russian flag symbolizing…
Warlock Ransomware Deployed via Compromised GOLD SALEM Networks and Bypassed Security Solutions
Counter Threat Unit™ (CTU) researchers are tracking a sophisticated threat actor known as Warlock Group, which CTU designates as GOLD SALEM. Since March 2025, the group has compromised enterprise networks and bypassed security solutions to deploy its custom Warlock ransomware.…
Critical WatchGuard Vulnerability Lets Unauthenticated Attackers Run Arbitrary Code
WatchGuard released an advisory detailing a critical vulnerability in its Firebox line of network security appliances. Tracked as CVE-2025-9242, the flaw resides in the iked component of WatchGuard’s Fireware OS. An out-of-bounds write in the IKEv2 handling routine can allow…
TP-Link Router Zero-Day Lets Attackers Execute Code by Bypassing ASLR
Researchers have uncovered a zero-day vulnerability in TP-Link routers that allows attackers to bypass Address Space Layout Randomization (ASLR) and execute arbitrary code remotely. Tracked as CVE-2025-9961, this flaw resides in the CWMP (TR-069) binary and can be triggered through…
Researchers Expose Hidden Alliances Between Ransomware Groups
In the rapidly evolving cyber threat landscape, understanding the true nature of ransomware operations has become increasingly complex. Gone are the days when security teams could treat each ransomware family as a discrete, unified entity. The “post-Conti era” has ushered…
Windows Greenshot Vulnerability Lets Attackers Execute Malicious Code – PoC Published
A critical security vulnerability in the popular Greenshot screenshot utility has been discovered that allows local attackers to execute arbitrary malicious code within the trusted application process. The vulnerability, tracked as CVE-2025-59050, affects Greenshot versions up to 1.3.300 and has been…
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT
On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages—sisaws and secmeasure—that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a…
Raven Stealer Targets Google Chrome Users to Exfiltrate Sensitive Data
Raven Stealer, a sophisticated information-stealing malware that has been wreaking havoc on users’ sensitive data. This contemporary malware represents a concerning evolution in credential theft technology, combining advanced evasion techniques with streamlined data exfiltration capabilities. Raven Stealer stands out as…
Hackers Abuse RTL/LTR Text Tricks and Browser Flaws to Mask Malicious Links
Cybersecurity researchers at Varonis Threat Labs have uncovered a persistent vulnerability that has remained unaddressed for over a decade, allowing attackers to exploit browser handling of Right-to-Left (RTL) and Left-to-Right (LTR) text scripts to create deceptive URLs. This technique, known…
Google Chrome 0-Day Under Active Attack – Update Immediately
Google has released an urgent security update for Chrome browser users worldwide, addressing four critical vulnerabilities, including one zero-day exploit that is currently being actively exploited in the wild. The company is urging all users to update their browsers immediately…
BeaverTail Malware Delivered Through Malicious Repositories Targets Retailers
Tech Note – BeaverTail variant distributed via malicious repositories and ClickFix lure17 September 2025 – Oliver Smith, GitLab Threat Intelligence We have identified infrastructure distributing BeaverTail and InvisibleFerret malware since at least May 2025, operated by North Korean actors tracked…
Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online
A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint. Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync.…
MuddyWater Deploys Custom Multi-Stage Malware Hidden Behind Cloudflare
Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM) campaigns, MuddyWater has pivoted to highly…
New Magecart Attack Injects Malicious JavaScript to Steal Payment Data
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign hosted on cc-analytics[.]com. Subsequent analysis…