A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US Cybersecurity firm Nisos…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Operation Sea Elephant Targets Organizations to Steal Research Data
A sophisticated Advanced Persistent Threat (APT) group, known as CNC, has been conducting a cyber espionage campaign dubbed “Operation Sea Elephant” targeting scientific research institutions and universities in South Asia. The operation, which aims to steal research data related to…
Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites to deliver the LummaStealer malware through deceptive CAPTCHA prompts. This new attack vector, discovered in January 2025, marks a significant shift in LummaStealer’s distribution methods,…
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by…
Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community
A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving…
U.S. Cracks Down on Nemesis Darknet Admin with New Treasury Sanctions
The U.S. Department of the Treasury has intensified its global campaign against darknet-facilitated drug trafficking by sanctioning Behrouz Parsarad, the Iran-based administrator of the notorious Nemesis Marketplace. The move, announced on March 5, 2025, follows a 2024 international law enforcement…
Telegram EvilVideo Vulnerability Exploited to Run Malicious Code on Victims’ Devices
A newly documented exploitation technique targeting Telegram’s file-sharing infrastructure has raised alarms in cybersecurity circles. Dubbed “EvilVideo,” this attack vector leverages a vulnerability (CVE-2024-7014) in how Telegram processes multimedia content, enabling attackers to disguise malicious HTML files as video files.…
Vim Vulnerability (CVE-2025-27423) Allows Code Execution via Malicious TAR Archives
A high-severity security flaw in the widely used Vim text editor allows attackers to execute arbitrary code on vulnerable systems by tricking users into opening specially crafted TAR archives. Tracked as CVE-2025-27423, this vulnerability has prompted urgent patching efforts and warnings…
Zoho ADSelfService Plus Flaw Allows Hackers to Gain Unauthorized Access
A critical security flaw in Zoho’s widely used identity management solution, ADSelfService Plus, has been patched after researchers discovered it could enable attackers to hijack user sessions and compromise sensitive enrollment data. Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks…
PoC Released for HPE Remote Support Tool Vulnerability Allowing Remote Code Execution
Security researchers have released proof-of-concept (PoC) exploit code for critical vulnerabilities in Hewlett Packard Enterprise’s (HPE) Insight Remote Support (IRS) tool, including an unauthenticated XML External Entity (XXE) injection flaw (CVE-2024-53675) and a path traversal-based remote code execution (RCE) vulnerability (CVE-2024-53676). These flaws affect…
NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks
NVIDIA has issued an urgent security bulletin urging customers using its Hopper HGX 8-GPU High-Performance Computing (HMC) systems to immediately install firmware updates addressing two critical vulnerabilities. Released on February 28, 2025, the patches target flaws that could allow attackers to execute…
Windows KDC Proxy RCE Vulnerability Allows Remote Server Takeover
A recently patched remote code execution (RCE) vulnerability in Microsoft Windows’ Key Distribution Center (KDC) Proxy implementation allows unauthenticated attackers to take control of vulnerable servers through manipulated Kerberos authentication traffic. Designated CVE-2024-43639 and rated 9.8 CVSS, this critical flaw stems from…
Chrome 134 Launches with Patches for 14 Crash-Inducing Vulnerabilities
Google has rolled out Chrome 134 to the stable channel for Windows, macOS, and Linux, addressing 14 security vulnerabilities—including high-severity flaws that could enable remote code execution or crashes. The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for…
Pathfinder AI – Hunters Announces New AI Capabilities for Smarter SOC Automation
Pathfinder AI expands Hunters’ vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and response. Hunters, the leader in next-generation SIEM, today announced Pathfinder AI, a major step toward a more AI-driven SOC. Building on Copilot AI, which is…
LLMjacking – Hackers Abuse GenAI With AWS NHIs to Hijack Cloud LLMs
In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a new attack vector dubbed “LLMjacking.” These attacks exploit non-human identities (NHIs) machine accounts and API keys to hijack access to large language models (LLMs) hosted…
Google Secretly Tracks Android Devices Even Without User-Opened Apps
A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google collects and stores extensive user data on Android devices, even when pre-installed Google apps are never opened. The findings indicate that cookies, device identifiers, and…
GrassCall Malware Targets Job Seekers to Steal Login Credentials
A newly identified cyberattack campaign, dubbed GrassCall, is targeting job seekers in the cryptocurrency and Web3 sectors through fake job interviews. Attributed to the Russian-speaking cybercriminal group “Crazy Evil,” the campaign uses fraudulent job postings on platforms like LinkedIn, WellFound,…
Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics
Security researchers have uncovered sophisticated obfuscation techniques employed by APT28, a Russian-linked advanced persistent threat (APT) group, in their HTA (HTML Application) Trojan. The analysis, part of an ongoing investigation into APT28’s cyber espionage campaigns targeting Central Asia and Kazakhstan,…
Microsoft Removing DES Encryption from Windows 11 24H2 and Windows Server 2025″
Microsoft has announced the removal of the Data Encryption Standard (DES) encryption algorithm from Kerberos in Windows 11 version 24H2 and Windows Server 2025. This change, set to take effect with updates released on or after September 9, 2025, aims…
Hackers Exploiting Business Relationships to Attack Arab Emirates Aviation Sector
A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the United Arab Emirates has been uncovered by Proofpoint researchers. The operation, attributed to a threat cluster dubbed “UNK_CraftyCamel,” demonstrates advanced techniques, including leveraging trusted business relationships…