The Chinese Advanced Persistent Threat (APT) group known as Lotus Blossom, also referred to as Billbug, Thrip, or Spring Dragon, has intensified its cyber-espionage operations by employing advanced techniques, including the use of Windows Management Instrumentation (WMI) for lateral movement…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Warns of RESURGE Malware Exploiting Ivanti Connect Secure RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a detailed Malware Analysis Report (MAR-25993211-r1.v1) on the RESURGE malware, which exploits the Remote Code Execution (RCE) vulnerability CVE-2025-0282 in Ivanti Connect Secure devices. This vulnerability has been leveraged by threat…
Water Gamayun Hackers Exploit MSC EvilTwin Zero-day Vulnerability to Hack Windows Machine
Water Gamayun, a suspected Russian threat actor, has been identified exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise Windows systems. This vulnerability, embedded in the Microsoft Management Console (MSC) framework, allows attackers to execute malicious code remotely, exfiltrate sensitive…
Apache Tomcat Vulnerability Exploited to Execute Malicious Arbitrary Code on Servers
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers. Critical RCE Flaw in Apache Tomcat The flaw allows attackers to upload malicious files via unauthenticated HTTP PUT requests, followed by a…
New Android Malware “TsarBot” Targeting 750 Banking, Finance & Crypto Apps
A newly identified Android malware, dubbed TsarBot, has emerged as a potent cyber threat targeting over 750 applications across banking, finance, cryptocurrency, and e-commerce sectors. Discovered by Cyble Research and Intelligence Labs (CRIL), this banking Trojan employs sophisticated overlay attacks…
Canon Printer Vulnerability Allows Attackers to Execute Arbitrary Code
A security vulnerability, tracked as CVE-2025-1268, has been found in certain Canon printer drivers, potentially allowing attackers to execute arbitrary code. The flaw, categorized as an out-of-bounds vulnerability, affects printer drivers for office multifunction printers, small office printers, production printers, and laser…
ClickFix Captcha – A New Technique Hackers Used to Deliver Infostealers, Ransomware, & Quakbot Malware
Cybercriminals are leveraging fake CAPTCHA verification pages dubbed ClickFix to distribute malware, including infostealers, ransomware, and the notorious Qakbot banking trojan. This technique manipulates users into executing malicious commands disguised as routine “verify you are human” prompts. The attack begins…
Mitel Alerts Users to Severe XSS Vulnerability in MiContact Center
Mitel has issued a security advisory (MISA-2025-0003) to notify users of its MiContact Center Business software about a high-severity reflected cross-site scripting (XSS) vulnerability. The vulnerability, identified in its Legacy Chat component, poses significant risks, allowing attackers to execute malicious…
Multiple Dell Unity Vulnerabilities Allow Attackers to Compromise Systems
Dell Technologies has released a security advisory detailing multiple critical vulnerabilities in its Dell Unity storage systems and related software. These vulnerabilities, if exploited, could allow attackers to gain unauthorized access, execute arbitrary commands, or even compromise the affected systems…
U.S. DOJ Seizes $8.2 Million from Hackers Linked to Pig Butchering Scam
The U.S. Department of Justice has successfully seized over $8.2 million in cryptocurrency tied to an elaborate “pig butchering” fraud operation that victimized dozens of Americans. On February 27, 2025, the U.S. Attorney’s Office for the Northern District of Ohio…
New Ubuntu Linux Vulnerabilities Let Attackers Exploit Kernel Components
A new set of security vulnerabilities discovered in Ubuntu Linux has raised concerns about kernel exploitation risks. Researchers at the Qualys Threat Research Unit (TRU) have uncovered three critical bypasses affecting Ubuntu’s unprivileged user namespace restrictions, potentially allowing attackers to…
“Crocodilus” A New Malware Targeting Android Devices for Full Takeover
Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial institutions and cryptocurrency platforms. The malware employs advanced techniques like remote device control, stealthy overlays, and social engineering to steal sensitive data, marking a significant escalation…
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related…
Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed “Morphing Meerkat,” that leverages DNS mail exchange (MX) records to dynamically serve tailored phishing pages mimicking over 100 brands. The platform, which has been operational since at least January 2020,…
PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel
PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in a new campaign targeting users in Taiwan. Initially, PJobRAT was known for targeting Indian military personnel by disguising itself as dating and instant messaging apps. The…
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive user base to execute commands,…
SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server
Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations, data exfiltration, and command retrieval. Novel Malware Family…
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be…
46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Tamper with Settings
Forescout Vedere Labs has uncovered 46 new vulnerabilities in solar power systems, primarily affecting inverters from three leading manufacturers Sungrow, Growatt, and SMA. These flaws, if exploited, could enable attackers to manipulate inverter settings, disrupt power grids, and compromise user…
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
Deep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research…