A recent security assessment by Palo Alto Networks’ Unit 42 has uncovered multiple vulnerabilities in the ICONICS Suite, a widely used Supervisory Control and Data Acquisition (SCADA) system. These vulnerabilities, identified in versions 10.97.2 and earlier for Microsoft Windows, pose…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Blind Eagle Hackers Exploit Google Drive, Dropbox & GitHub to Evade Security Measures
In a recent cyber campaign, the notorious threat actor group Blind Eagle, also known as APT-C-36, has been leveraging trusted cloud platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and evade traditional security defenses. This sophisticated approach…
AI Becomes a Powerful Weapon for Cybercriminals to Launch Attacks at High Speed
Artificial intelligence (AI) has emerged as a potent tool in the arsenal of cybercriminals, enabling them to execute attacks with unprecedented speed, precision, and scale. The integration of AI in cybercrime is transforming the landscape of digital threats, making traditional…
AI-Generated Fake GitHub Repositories Steal Login Credentials
A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into…
Google Warns Chromecast Owners Against Factory Reset
Google has issued a warning to Chromecast owners regarding the potential risks of performing a factory reset on their devices. This advisory comes as users have reported complications with device authentication after restoring their Chromecasts to factory settings. The warning…
PoC Released for SolarWinds Web Help Desk Vulnerability Exposing Passwords
A Proof-of-Concept (PoC) has been released for a significant vulnerability discovered in SolarWinds Web Help Desk, exposing encrypted passwords and other sensitive data. This vulnerability arises from the predictable encryption keys used in the application and the misuse of AES-GCM…
“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack
Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as “Eleven11bot.” This new threat, discovered by Nokia’s Deepfield Emergency Response Team (ERT), shared in LinkedIn, has compromised a staggering 30,000 network devices, predominantly webcams and Network Video Recorders…
Hackers Compromise Windows Systems Using 5000+ Malicious Packages
A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows…
CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being…
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded…
Apache Pinot Vulnerability Allows Attackers to Bypass Authentication
A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.…
SideWinder APT Deploys New Tools in Attacks on Military & Government Entities
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated…
SAP Security Update Released to Fix Multiple Vulnerabilities
SAP announced 21 new Security Notes and updates to 3 previously released notes on its latest Security Patch Day. This release addresses critical vulnerabilities within SAP products, underscoring the company’s commitment to safeguarding enterprise software. SAP strongly recommends customers prioritize…
Critical Veritas Vulnerability Allows Attackers to Execute Malicious Code
A critical vulnerability has been discovered in Veritas’ Arctera InfoScale product, a solution widely used for disaster recovery and high availability scenarios. The issue lies in the insecure deserialization of untrusted data in the .NET remoting endpoint, allowing attackers to…
Latest Chrome Update Addresses Multiple High-Risk Security Issues
Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel. This update includes several high-priority security fixes…
Apache Tomcat Flaw Could Allow RCE Attacks on Servers
Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years. Some critical issues put servers at risk of remote code execution (RCE) and other attacks. These vulnerabilities highlight the importance of keeping software…
Critical Microsoft’s Time Travel Debugging Tool Vulnerability Let Attackers Mask Detection
Microsoft’s Time Travel Debugging (TTD) framework, a powerful tool for recording and replaying Windows program executions, has been found to harbor subtle yet significant bugs in its CPU instruction emulation process, according to a new report from Mandiant. These flaws…
ServiceNow Acquires Moveworks for $2.85 Billion to Boost AI Capabilities
In a landmark move to strengthen its position in the rapidly evolving artificial intelligence landscape, ServiceNow, a leading provider of digital workflow solutions, has announced its acquisition of Moveworks, an AI startup, for $2.85 billion. The deal, revealed on Monday,…
Apple iOS 18.4 Beta 3 Released – What’s New!
Apple has rolled out iOS 18.4 Beta 3, available to developers as of March 10, 2025, with the build number 22E5222f. This release is part of the ongoing beta testing phase, with the final version anticipated in early April 2025.…
Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection
Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been instrumental in facilitating targeted cyberattacks on organizations since its emergence in 2020. This malware is part of the Monstrous Mantis ransomware ecosystem and is designed to…