A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google collects and stores extensive user data on Android devices, even when pre-installed Google apps are never opened. The findings indicate that cookies, device identifiers, and…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
GrassCall Malware Targets Job Seekers to Steal Login Credentials
A newly identified cyberattack campaign, dubbed GrassCall, is targeting job seekers in the cryptocurrency and Web3 sectors through fake job interviews. Attributed to the Russian-speaking cybercriminal group “Crazy Evil,” the campaign uses fraudulent job postings on platforms like LinkedIn, WellFound,…
Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics
Security researchers have uncovered sophisticated obfuscation techniques employed by APT28, a Russian-linked advanced persistent threat (APT) group, in their HTA (HTML Application) Trojan. The analysis, part of an ongoing investigation into APT28’s cyber espionage campaigns targeting Central Asia and Kazakhstan,…
Microsoft Removing DES Encryption from Windows 11 24H2 and Windows Server 2025″
Microsoft has announced the removal of the Data Encryption Standard (DES) encryption algorithm from Kerberos in Windows 11 version 24H2 and Windows Server 2025. This change, set to take effect with updates released on or after September 9, 2025, aims…
Hackers Exploiting Business Relationships to Attack Arab Emirates Aviation Sector
A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the United Arab Emirates has been uncovered by Proofpoint researchers. The operation, attributed to a threat cluster dubbed “UNK_CraftyCamel,” demonstrates advanced techniques, including leveraging trusted business relationships…
Microsoft Strengthens Trust Boundary for VBS Enclaves
Microsoft has introduced a series of technical recommendations to bolster the security of Virtualization-Based Security (VBS) enclaves, a key component of trusted execution environments (TEE). VBS enclaves leverage the hypervisor’s Virtual Trust Levels (VTLs) to isolate sensitive memory and code…
Hunters International Claims Tata Technologies Cyberattack
Multinational engineering and technology services firm Tata Technologies has reportedly fallen victim to a significant cyberattack claimed by the ransomware group Hunters International. According to recent social media reports, the breach allegedly resulted in the theft of 1.4 terabytes of…
Google, Meta, and Apple Power the World’s Biggest Surveillance System
Imagine a government that tracks your daily movements, monitors your communications, and catalogs your digital habits. While this conjures images of authoritarian regimes, a parallel reality exists in the United States, where law enforcement agencies leverage the vast data reservoirs…
Authorities Seize $31 Million Linked to Crypto Exchange Hack
U.S. authorities announced the seizure of $31 million tied to the 2021 Uranium Finance decentralized finance (DeFi) exploits. The coordinated effort between the U.S. Attorney’s Office for the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) San…
Docusnap for Windows Flaw Exposes Sensitive Data to Attackers
A recently disclosed vulnerability in Docusnap’s Windows client software (CVE-2025-26849) enables attackers to decrypt sensitive system inventory files through a hardcoded encryption key, exposing critical network information to potential exploitation. Cybersecurity researchers at RedTeam Pentesting GmbH revealed that inventory files…
CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, to its Known Exploited Vulnerabilities (KEV) catalog amid confirmed active attacks. First patched by Microsoft in December 2018, this Win32k kernel-mode driver vulnerability…
Update Alert: Google Warns of Critical Android Vulnerabilities Under Exploit
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws, impacting Android versions 12 through 15, underscore escalating risks for billions of devices. The bulletin mandates the immediate installation of the…
BigAnt Server 0-Day Vulnerability Lets Attackers Run Malicious Code Remotely
A critical vulnerability in BigAntSoft’s enterprise chat server software has exposed ~50 internet-facing systems to unauthenticated remote code execution attacks. Designated CVE-2025-0364, this exploit chain enables attackers to bypass authentication protocols, create administrative accounts, and execute malicious PHP code on vulnerable…
Bubba AI, Inc. is Launching Comp AI to Help 100,000 Startups Get SOC 2 Compliant by 2032.
With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR. Bubba AI, Inc. is building a comprehensive solution for these organizations to easily…
Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote code Execution
A newly disclosed path traversal vulnerability (CVE-2024-4885) in Progress Software’s WhatsUp Gold network monitoring solution has raised alarms across the cybersecurity community. Rated as critical, this flaw enables unauthenticated attackers to execute arbitrary code on affected systems by exploiting improper…
IBM Storage Virtualize Flaws Allow Remote Code Execution
Two critical security flaws in IBM Storage Virtualize products could enable attackers to bypass authentication protections and execute malicious code on enterprise storage systems, according to a security bulletin issued by the company. Tracked as CVE-2025-0159 and CVE-2025-0160, these vulnerabilities…
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score…
Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs
In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels. According to recent data from F5 Labs, the total number of scanning events increased by 91%…
33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge
Kaspersky’s latest report on mobile malware evolution in 2024 reveals a significant increase in cyber threats targeting mobile devices. The security firm’s products blocked a staggering 33.3 million attacks involving malware, adware, or unwanted mobile software throughout the year. Mobile…
Threat Actors Exploiting AES Encryption for Stealthy Payload Protection
Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption by threat actors to shield malicious payloads from detection. This technique, combined with code virtualization and staged payload delivery, is being employed by malware families…