A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Jenkins Docker Vulnerability Allows Hackers to Hijack Network Traffic
A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security. The vulnerability, stemming from the reuse of SSH host keys, could allow attackers to impersonate Jenkins build agents and hijack sensitive network traffic. Vulnerability Details…
Microsoft Issues Urgent Patch to Fix Office Update Crash
Microsoft has released an urgent patch for Office 2016 to address a critical issue causing key applications like Word, Excel, and Outlook to crash unexpectedly. The new update, KB5002623, was issued on April 10, 2025, following widespread reports of performance…
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in…
ViperSoftX Malware Spreads Through Cracked Software, Targeting Unsuspecting Users
AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware to unsuspecting Korean users. This operation has employed cracked software and torrents as vectors for spreading…
RansomHub RaaS in Disarray After Affiliate Chat Access Suddenly Revoked
RansomHub, a leading Ransomware-as-a-Service (RaaS) group that emerged in early 2024, has found itself grappling with internal turmoil. The instability came to light on April 1st, 2025, when several of its client chat portals, critical for ransomware negotiations, went offline,…
A Seven‑Year‑Old Cisco Flaw Now Lets Hackers Execute Code Remotely on Network Gear
A Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches…
GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks
The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate…
Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not…
The State of AI Malware and Defenses Against It
AI has recently been added to the list of things that keep cybersecurity leaders awake. The increasing popularity of and easy access to large language models (LLMs), such as ChatGPT, DeepSeek, and Gemini, have enabled threat actors to scale and…
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing…
SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client
SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate…
Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover
Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt…
Langflow AI Builder Vulnerability Allows Remote Server Takeover by Attackers
A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control. Security…
Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks
Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…
TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials
A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…
CatB Ransomware Abuses Microsoft Distributed Transaction Coordinator for Stealthy Payload Execution
The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware, also known as CatB99 or Baxtoy. First identified in late 2022, this strain has caught the eye of security analysts due to its sophisticated evasion techniques…
AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses
AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000…
APT32 Turns GitHub into a Weapon Against Security Teams and Enterprise Networks
Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team has meticulously analyzed this incident, which…