In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Fake Tax Claims Scam Stealing Over $10,000 from Victims
Tax season has become a breeding ground for sophisticated AI-powered scams, with nearly half of Americans reporting fraudulent IRS-related communications, according to McAfee’s 2025 survey. Cybercriminals are leveraging deepfake audio, phishing emails, and spoofed websites to steal identities and funds,…
Tails 6.13 Linux Distro Released with Enhanced Wi-Fi Hardware Detection
The Tails Project has launched Tails 6.13, the latest version of its privacy-centric Linux distribution, introducing improved Wi-Fi troubleshooting tools, updated anonymity software, and fixes for persistent storage and installation workflows. Targeted at users prioritizing security and anonymity, this release…
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
A recent security analysis of DrayTek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 HHV and Ekoparty 2024, highlight…
YouTube Alerts Creators About Phishing Emails Targeting Login Credentials
YouTube has issued a critical security advisory following a widespread phishing campaign exploiting private video sharing to distribute AI-generated deepfakes of CEO Neal Mohan. The fraudulent videos falsely claim changes to the platform’s monetization policies, urging creators to click malicious…
Multiple Jenkins Vulnerabilities Allow Attackers to Expose Secrets
Jenkins, the widely used open-source automation server, issued a high-priority security advisory on March 5, 2025, disclosing four medium-severity vulnerabilities affecting its core platform. The flaws—tracked as CVE-2025-27622 through CVE-2025-27625—impact secrets management, cross-site request forgery (CSRF) protections, and URL validation. Immediate…
Researchers Jailbreak 17 Popular LLM Models to Reveal Sensitive Data
In a recent study published by Palo Alto Networks’ Threat Research Center, researchers successfully jailbroke 17 popular generative AI (GenAI) web products, exposing vulnerabilities in their safety measures. The investigation aimed to assess the effectiveness of jailbreaking techniques in bypassing…
Phantom Goblin Uses Social Engineering Tactics to Deploy Stealer Malware
A sophisticated malware operation, dubbed “Phantom Goblin,” has been identified by cybersecurity researchers, highlighting the increasing use of social engineering tactics to deploy information-stealing malware. This operation leverages deceptive techniques to trick users into executing malicious files, leading to unauthorized…
AMD Microcode Vulnerability Allows Attackers to Load Malicious Patches
A critical vulnerability in AMD’s Zen 1 through Zen 4 processors allows attackers to bypass microcode signature validation, potentially undermining hardware-based security mechanisms. The flaw stems from AMD’s use of AES-CMAC as a hash function during microcode patch verification –…
Microsoft Introduces 365 E5 Security Add-On for Business Premium Customers
Microsoft has launched Microsoft 365 E5 Security as an add-on to its Business Premium suite, providing small and medium-sized businesses (SMBs) with advanced tools to combat escalating cyber threats. The offering integrates enterprise-grade security features at a 57% cost savings…
GitHub Explains How Security Professionals Can Use Copilot for Log Analysis
GitHub Copilot, once a developer-centric tool, is now revolutionizing workflows across technical and non-technical roles. With features like Agent Mode, CLI integration, and Project Padawan, Copilot is emerging as a universal productivity enhancer. This article explores three key developments reshaping…
Peaklight Malware Targets Users to Steal Credentials, Browser History, and Financial Data
Peaklight malware has emerged as a significant threat, designed to steal sensitive information from compromised endpoints. This information stealer is often distributed through underground channels and is sometimes offered as a Malware-as-a-Service (MaaS), making it a continuously evolving and potent…
Medusa Ransomware Attacks Surge 42% with Advanced Tools & Tactics
Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa under a ransomware-as-a-service (RaaS) model. Spearwing and…
Activating Incognito Mode in RDP to Erase All Traces
The Remote Desktop Protocol (RDP) is a widely used tool for remote access, but it often leaves behind traces of user activity, which can be a concern for privacy and security. Recently, the use of the “/public” command-line option in…
FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
The Federal Bureau of Investigation (FBI) issued a critical alert through its Internet Crime Complaint Center (IC3) warning of a novel cyber extortion campaign targeting corporate executives. Criminal actors impersonating the notorious BianLian ransomware group are leveraging physical mail to…
Apache Pinot Vulnerability Allows Remote Attackers to Bypass Authentication
A critical security flaw (CVE-2024-56325) in Apache Pinot, a real-time distributed OLAP datastore, has been disclosed, allowing unauthenticated attackers to bypass authentication controls and gain unauthorized access to sensitive systems. Rated 9.8 on the CVSS scale, this vulnerability exposes organizations…
Implementing Identity First Security for Zero Trust Architectures
Zero Trust is a security framework that operates under the assumption that no implicit trust exists within a network. Every request for access must be verified, regardless of whether it comes from within or outside the organization. Identity First Security…
Identifying Cyber Attack Patterns Through Threat Actor Infrastructure Analysis
Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat actor infrastructure, providing valuable insights into cyber attack patterns and attribution techniques. Decoding Threat Actor Infrastructure: A Case Study The research team demonstrated their approach…
Cybercriminals Exploit Compromised Email Servers for Fraudulent Campaigns
Trend Micro’s Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack that targeted multiple business partners. The incident, which occurred over several days, involved the exploitation of a compromised email server to orchestrate a complex fraud…
Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks
Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content.…