Cisco released an advisory describing a high-severity vulnerability (CVE-2025-20160) in its IOS and IOS XE platforms. The flaw stems from improper validation of the TACACS+ shared secret configuration. When TACACS+ is enabled but no secret is set, remote attackers or…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Use AI-Generated Code to Obfuscate Payloads and Bypass Traditional Defenses
A recent credential phishing campaign detected by Microsoft Threat Intelligence used AI-generated code within an SVG file to disguise malicious behavior. While the novel obfuscation techniques showcased attacker ingenuity, AI-powered defenses successfully blocked the attack—underscoring that AI-augmented threats remain detectable…
Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes.…
RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor
In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between…
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information
A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect…
SetupHijack Tool Abuses Race Conditions in Windows Installer to Hijack Setups
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The utility demonstrates how attackers can hijack privileged setup processes to run malicious payloads with SYSTEM…
Malware Deployment via Copyright Takedown Claims by Threat Actors
Threat actors from the Lone None group are exploiting copyright takedown notices to distribute sophisticated malware, including Pure Logs Stealer and a newly identified information stealer dubbed Lone None Stealer (also known as PXA Stealer). This analysis examines the campaign’s…
Steam Confirms Malware Found in BlockBlasters Game
Steam has officially confirmed that malware was discovered in the popular indie game BlockBlasters. The announcement follows widespread player reports and security scans that flagged unusual activity in the game’s files. This incident raises concerns about game security and digital…
Hackers Deploy Stealthy Malware on WordPress Sites to Gain Admin Access
Attackers have stepped up their tactics by deploying stealthy backdoors disguised as legitimate WordPress components, ensuring persistent administrative access even after other malware is discovered and removed. Their deceptive appearances belied their dangerous functions: one impersonated a plugin, the other…
Hackers Exploit Hikvision Camera Flaw to Steal Sensitive Data
Security researchers have observed renewed exploit campaigns targeting an eight-year-old backdoor in Hikvision cameras to harvest configuration files, user lists, and snapshots. Attackers automate scans across IP ranges, appending a base64-encoded “auth” parameter to management URLs. When decoded, the string…
LNK Malware Leverages Legit Windows Files to Slip Past Defenses
In a recently observed campaign emerging from Israel, threat actors have revived the use of Windows shortcut (.LNK) files to deliver a potent Remote Access Trojan (RAT). These seemingly innocuous shortcut files exploit Living-off-the-Land Binaries (LOLBins) such as odbcconf.exe to…
BRICKSTORM Backdoor Hits Tech and Legal Firms with Stealthy New Campaign
Persistent, stealthy, and cross-platform, the BRICKSTORM backdoor has emerged as a significant threat to U.S. technology and legal organizations. Tracked by Google Threat Intelligence Group (GTIG) and investigated by Mandiant Consulting, BRICKSTORM campaigns have maintained undetected access for an average…
COLDRIVER APT Group Uses ClickFix to Deliver New PowerShell-Based Backdoor BAITSWITCH
Russia-linked threat actors continue targeting civil society with sophisticated social engineering campaigns and lightweight malware tools in September 2025. The campaign delivers two previously undocumented malware families: a downloader dubbed BAITSWITCH and a PowerShell-based backdoor named SIMPLEFIX. COLDRIVER, also tracked as Star Blizzard,…
Linux Kernel ksmbd Flaw Lets Remote Attackers Execute Arbitrary Code
A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw affects Linux distributions that include the ksmbd SMB server implementation. Authentication is required, but a…
NVIDIA Merlin Flaw Enables Remote Code Execution with Root Access
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library allows attackers to achieve remote code execution with root privileges. Discovered by the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team, the flaw stems from unsafe deserialization in the model checkpoint…
Cisco IOS 0-Day RCE Vulnerability Actively Targeted
Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) subsystem and allows both…
Multiple Apps on Google’s Firebase Platform Exposing Sensitive Data
A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured Google Firebase services. The scope of this security crisis dwarfs previous incidents, potentially affecting thousands…
UK Police Arrest Suspect Tied to Ransomware Attack on European Airports
A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London Heathrow. The National Crime Agency (NCA) confirmed that officers detained the man on Tuesday evening…
Attackers Bypass EDR by Using In-Memory PE Loaders Delivered via Malicious Downloads
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems. In these incidents, threat actors deliver a small downloader to victims via malicious links or attachments. Once executed, the downloader…
Attackers Use Domain Fronting to Tunnel Malicious Traffic via Google Meet, YouTube and Chrome Update Servers
Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By making their malicious traffic appear as legitimate connections to high-trust domains, adversaries can tunnel data…