A newly identified strain of information-stealing malware, FleshStealer, is making headlines in 2025 due to its advanced evasion techniques and targeted data extraction capabilities. Flashpoint analysts have shed light on its operation, revealing a sophisticated tool that poses significant risk…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows 11 24H2 Update Bug: Users Report Disruptions in Web Camera and USB Devices
Windows 11 KB5050009 for version 24H2 has sparked widespread frustrations among users due to a slew of compatibility and functionality issues. Reports indicate that the update, which aims to introduce improvements and security fixes, has instead caused disruptions in Bluetooth…
Vulnerability in Airline Integration Service enables A Hacker to Gain Entry To User Accounts
A recent security vulnerability in a widely used airline integration service has exposed millions of users to account takeovers, raising concerns over the safety of online travel services. Security researchers from Salt Labs discovered the flaw, which enabled hackers to…
TP-Link Router Web Interface XSS Vulnerability – PoC Exploit Released
A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the…
PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely
A critical vulnerability in the Cacti performance monitoring framework, tracked as CVE-2025-22604, has been disclosed, with a proof-of-concept (PoC) exploit now publicly available. This vulnerability allows authenticated users with device management permissions to execute arbitrary code on the server by…
Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities
In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization. The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive…
Hackers Could Bypassing EDR Using Windows Symbolic Links to Disable Service Executables
A groundbreaking technique for exploiting Windows systems has emerged, combining the “Bring Your Own Vulnerable Driver” (BYOVD) approach with the manipulation of symbolic links. Security researchers have uncovered how this method can bypass Endpoint Detection and Response (EDR) mechanisms and…
TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware
Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a previously undocumented backdoor known as “TorNet.” This operation, believed to be orchestrated by a financially motivated threat actor, predominantly targets users in Poland and Germany through…
Microsoft Unveils Phishing Attack Protection for Teams Chat
Microsoft has taken a significant step toward enhancing cybersecurity by introducing a new phishing attack protection feature for Microsoft Teams. The feature aims to safeguard users from brand impersonation in chats initiated by external domains, a common tactic used by…
Apple Security Update – Patch for iOS Zero-day, MacOS & More
Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation. The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment…
New Phishing Scam Targets Amazon Prime Membership to Steal Credit Card Data
A recent investigation has uncovered a sophisticated phishing campaign leveraging malicious PDF files to redirect unsuspecting users to fake Amazon-branded phishing websites. Researchers from Unit 42 reported that this campaign utilizes PDFs containing embedded links as an initial lure to…
Hackers Use Hidden Text Salting to Bypass Spam Filters and Evade Detection
In the latter half of 2024, Cisco Talos identified a significant increase in email threats leveraging “hidden text salting,” also referred to as HTML poisoning. This deceptive yet effective technique enables cybercriminals to bypass email parsers, confuse spam filters, and…
New Hacker Group Using 7z & UltraVNC Tool to Deploy Malware Evading Detection
A sophisticated cyber campaign targeting Russian-speaking entities has been identified by cybersecurity researchers, unveiling a deceptive operation imitating the Tactics, Techniques, and Procedures (TTPs) of the Gamaredon APT group. The attackers believed to be part of the GamaCopy group, exploited…
Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices
In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering…
Stratoshark – A New Wireshark Tool Released for Cloud
The masterminds behind the revolutionary network analyzer Wireshark have unveiled a new tool, Stratoshark, designed to bring their proven methodology to system call analysis. Marking over 25 years since Wireshark’s inception, this latest development continues the legacy of democratizing complex…
Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access
A critical authentication vulnerability in Fortinet’s FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks. Threat actors have exploited this vulnerability to gain super-admin privileges, bypassing the authentication mechanism, and compromising devices globally. Cybersecurity experts warn organizations using…
Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows
A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access.…
Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft
IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator and IBM Security Verify Directory Integrator products. The vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, expose users to various risks, including sensitive…
White House Considers Oracle-Led Takeover of TikTok with U.S. Investors
In a significant development, the Trump administration is reportedly formulating a plan to prevent a nationwide ban on TikTok, involving Oracle and a consortium of private investors. Under the proposed arrangement, ByteDance, TikTok’s Chinese parent company, would retain a minority…
Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data
Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance…