A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting. Security researchers identified over 1,100 malicious repositories distributing variants of the Redox…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
260 Domains Hosting 5,000 Malicious PDFs to Steal Credit Card Data
Netskope Threat Labs uncovered a sprawling phishing operation involving 260 domains hosting approximately 5,000 malicious PDF files. These documents, disguised as legitimate resources, employ fake CAPTCHA prompts to redirect victims to phishing sites designed to harvest credit card details and…
DeepSeek Data Leak Exposes 12,000 Hardcoded API Keys and Passwords
A sweeping analysis of the Common Crawl dataset—a cornerstone of training data for large language models (LLMs) like DeepSeek—has uncovered 11,908 live API keys, passwords, and credentials embedded in publicly accessible web pages. The leaked secrets, which authenticate successfully with…
Winos4.0 Malware Targets Windows Users Through Malicious PDF Files
A new wave of cyberattacks leveraging the Winos4.0 malware framework has targeted organizations in Taiwan through malicious PDF attachments disguised as tax inspection alerts, according to a January 2025 threat analysis by FortiGuard Labs. The campaign employs multi-stage payload delivery,…
Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications
The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been identified leveraging legitimate cloud services like Dropbox, Twitter, and Zimbra for command-and-control (C2) communications in their cyber espionage campaigns. Cisco Talos researchers attribute these sophisticated…
New Malware Uses Legitimate Antivirus Driver to Bypass All System Protections
In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that exploits a legitimate antivirus driver to bypass system protections. The malware, identified as “kill-floor.exe,” leverages the Avast Anti-Rootkit driver (aswArPot.sys) to gain kernel-level access, effectively…
DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations
The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia, targeting a prominent real estate and construction company in Riyadh. This marks the first time the group has targeted a major enterprise in the Kingdom,…
Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details
In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in social media, marketing, and related roles. The attackers impersonated Fortune 500 companies, including Meta, Coca-Cola, and PayPal, to lure victims into applying for fake job…
Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited
Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of legitimate businesses, according to the CrowdStrike 2025 Global Threat Report. The report highlights a significant shift in the cyber threat landscape during 2024, with attackers…
Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2
A newly identified malware, dubbed “Squidoor,” has emerged as a sophisticated threat targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. Attributed to a suspected Chinese threat actor under the activity cluster CL-STA-0049, Squidoor employs…
WordPress Admins Warned of Fake Plugins Injecting Malicious Links into Websites
A new wave of cyberattacks targeting WordPress websites has been uncovered, with attackers leveraging fake plugins to inject malicious links into site footers. These links, often promoting casino-related spam, compromise website integrity and can severely impact search engine optimization (SEO).…
New Anubis Ransomware Targets Windows, Linux, NAS, and ESXi x64/x32 Environments
A new ransomware group, dubbed Anubis, has emerged as a significant threat in the cybersecurity landscape. Active since late 2024, Anubis employs advanced techniques and operates across multiple platforms, including Windows, Linux, NAS, and ESXi environments. The group is leveraging…
VS Code Extension with 9 Million Installs Attacks Developers with Malicious Code
Microsoft has removed two widely-used Visual Studio Code (VS Code) extensions, “Material Theme Free” and “Material Theme Icons Free,” from its marketplace after cybersecurity researchers discovered malicious code embedded within them. These extensions, developed by Mattia Astorino (also known as…
Microsoft Defender Leverages Machine Learning to Block Malicious Command Executions
The modern cybersecurity landscape is witnessing an unprecedented surge in sophisticated attack techniques, with adversaries increasingly exploiting legitimate command-line tools to execute malicious actions. To address this evolving threat, Microsoft Defender for Endpoint has enhanced its capabilities to detect and…
RustDoor and Koi Stealer Malware Attack macOS to Steal Login Credentials
A new wave of sophisticated cyberattacks targeting macOS systems has been identified, involving two malware strains, RustDoor and Koi Stealer. These attacks, attributed to North Korea-linked Advanced Persistent Threat (APT) groups, primarily aim at stealing sensitive login credentials and cryptocurrency…
LARVA-208 Hackers Compromise 618 Organizations Stealing Logins and Deploying Ransomware
A newly identified cybercriminal group, LARVA-208, also known as EncryptHub, has successfully infiltrated 618 organizations globally since June 2024, leveraging advanced social engineering techniques to steal credentials and deploy ransomware. According to reports from cybersecurity firms CATALYST and Prodaft, the…
Google’s SafetyCore App Secretly Scans All Photos on Android Devices
Recent revelations about Google’s SafetyCore app have ignited a firestorm of privacy debates, echoing Apple’s recent controversy over photo scanning. The app, silently installed on Android devices via system updates, enables on-device image analysis to detect sensitive content—a feature marketed…
New “nRootTag” Attack Turns 1.5 Billion iPhones into Free Tracking Tools
Security researchers have uncovered a novel Bluetooth tracking vulnerability in Apple’s Find My network – the system powering AirTags and device-finding capabilities across iPhones, iPads, and Macs. Dubbed “nRootTag,” the attack transforms nearly any Bluetooth-enabled computer or smartphone into an…
Authorities Arrested Hacker Behind 90 Major Data Breaches Worldwide
Cybersecurity firm Group-IB, alongside the Royal Thai Police and Singapore Police Force, announced the arrest of a prolific hacker linked to over 90 major data breaches across 25 countries, including 65 attacks in the Asia-Pacific region. The cybercriminal, operating under aliases ALTDOS, DESORDEN,…
Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands
Cisco Systems has issued a critical security advisory for a newly disclosed command injection vulnerability affecting its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. Tracked as CVE-2025-20161 (CVSSv3 score: 5.1), the flaw enables authenticated attackers with administrative privileges…