Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools—BeaverTail and OtterCookie—to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed…
CISA Alerts on Actively Exploited Windows Improper Access Control Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding an actively exploited vulnerability in Microsoft Windows. The flaw resides in the Windows Remote Access Connection Manager component, which handles remote network connections. By exploiting this weakness,…
Qilin Ransomware Leverages Ghost Bulletproof Hosting for Global Attacks
Qilin ransomware–an increasingly prolific ransomware-as-a-service (RaaS) operation–has intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators…
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built…
Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users
The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the personal information of 6.6 million people. The fine was split between Capita plc, which received £8…
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers. This critical flaw, tracked as CVE-2025-10230, carries a maximum CVSSv3.1 score of 10.0, reflecting its ease of exploitation and…
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects…
CISA Alerts on Adobe Experience Manager Flaw Exploited for Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager Forms vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The security issue, tracked as CVE-2025-54253, affects…
Windows BitLocker Flaws Allow Attackers to Bypass Encryption Protection
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logic and configuration weaknesses that may let a local, low-privileged…
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to visually impersonate the bank and deceive customers. This discovery prompted a broader review of phishing activity…
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in deploying the Katz…
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure VPN client, targeting unsuspecting users seeking legitimate software downloads. The Zscaler Threat Hunting…
NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction
Elastic Security Labs has officially released nightMARE version 0.16, a comprehensive Python library designed to streamline malware analysis and reverse engineering workflows. The open-source tool consolidates multiple analysis capabilities into a single framework, enabling security researchers to extract configuration data…
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
Cybersecurity researchers at Trend Micro have discovered an active attack campaign dubbed “Operation Zero Disco” that exploits a critical vulnerability in Cisco’s Simple Network Management Protocol (SNMP) implementation. The vulnerability, tracked as CVE-2025-20352, allows threat actors to execute remote code…
Microsoft’s October 2025 Patches Disrupt Active Directory Sync on Server 2025 Systems
Microsoft has confirmed a critical issue affecting Windows Server 2025 systems following the installation of October 2025 security updates. The problem disrupts Active Directory directory synchronization, specifically impacting organizations managing large security groups with more than 10,000 members. Directory Sync…
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed “Maverick.” The threat has already blocked over 62,000 infection attempts in Brazil during the first 10 days of October alone,…
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates
Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which…
Hackers Breach F5 and Stole BIG-IP Source Code and Undisclosed Vulnerability Data
F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information. The incident, which began in August 2025, targeted F5’s product development and engineering knowledge platforms, prompting an immediate response…
BlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN Credential
A major manufacturing company fell victim to a swift and devastating ransomware attack after threat actors gained access using just one set of stolen VPN credentials. The attack, carried out by the cybercrime group Ignoble Scorpius, culminated in widespread encryption…