Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Serious security vulnerabilities have been uncovered in the popular social media and content-sharing app, RedNote, compromising the privacy and security of millions of users globally. Researchers revealed critical flaws allowing attackers to intercept sensitive user data, access device files, and…

Read more →

A newly discovered malware, named FINALDRAFT, has been identified leveraging Microsoft Outlook as a command-and-control (C2) communication channel through the Microsoft Graph API. This sophisticated malware was uncovered by Elastic Security Labs during an investigation targeting a foreign ministry. The…

Read more →

The meteoric rise of DeepSeek, a Chinese AI startup, has not only disrupted the AI sector but also attracted the attention of cybercriminals. Following the release of its open-source model, DeepSeek-R1, on January 20, 2025, the platform experienced exponential growth,…

Read more →

The China-based Advanced Persistent Threat (APT) group known as the Winnti Group, also referred to as APT41, has launched a new cyberattack campaign targeting Japanese organizations in the manufacturing, materials, and energy sectors. Dubbed “RevivalStone,” this campaign employs a novel…

Read more →

In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows systems. This operation, active since…

Read more →

APT43, also known by aliases such as Black Banshee, Emerald Sleet, and Kimsuky, is a North Korean state-sponsored cyber threat actor linked to the Reconnaissance General Bureau (RGB). This group is primarily motivated by espionage and has recently expanded its…

Read more →

 A new security vulnerability targeting Amazon Machine Images (AMIs) has emerged, exposing organizations and users to potential exploitation. Dubbed the “whoAMI name confusion attack,” this flaw allows attackers to publish malicious virtual machine images under misleading names, tricking unsuspecting users…

Read more →

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems. The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in…

Read more →

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials, device information, and user details, raising global concerns over IoT (Internet of Things) security. Cybersecurity researcher Jeremiah Fowler uncovered this unprotected database, linked to Mars Hydro,…

Read more →

Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface. With a CVSS score of 7.8 (HIGH), the flaw has been flagged as a significant security issue…

Read more →

SonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active SSL VPN sessions. This vulnerability has been classified as high-risk, with a CVSS score of 8.2.…

Read more →

The Cl0p ransomware group, a prominent player in the cybercrime landscape since 2019, has intensified its operations by employing advanced techniques to remain undetected within compromised networks. Known for its association with the TA505 threat group, Cl0p has shifted its…

Read more →

A newly intensified wave of ransomware attacks has surfaced, leveraging the infamous ZeroLogon vulnerability (CVE-2020-1472) to compromise Windows Active Directory (AD) domain controllers. This exploit, first identified in 2020, has become a key weapon for ransomware groups like Ryuk and…

Read more →

In a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability in Ivanti Connect Secure (ICS) appliances, tracked as CVE-2025-0282. This zero-day vulnerability, a stack-based buffer overflow with a CVSS score of 9.0, has been leveraged by…

Read more →

The cybersecurity landscape continues to evolve rapidly, demanding more sophisticated tools and methodologies to combat emerging threats. In response, Proofpoint’s Emerging Threats (ET) team has implemented significant updates to its ruleset, enhancing metadata coverage and integrating MITRE ATT&CK tags. These…

Read more →

A duo of cybersecurity researchers uncovered a critical vulnerability in a software supply chain, landing them an extraordinary $50,500 bug bounty. The exploit, described as an “Exceptional Vulnerability,” not only exposed systemic flaws in software supply chain security but also…

Read more →

Microsoft has confirmed the discovery of a significant zero-day vulnerability, tracked as CVE-2025-21418, in the Windows Ancillary Function Driver for WinSock. This flaw, categorized as an Elevation of Privilege (EoP) vulnerability, has been exploited in the wild, allowing attackers to remotely gain control…

Read more →

Microsoft Threat Intelligence has exposed a novel cyberattack method employed by the North Korean state-sponsored hacking group, Emerald Sleet (also known as Kimsuky or VELVET CHOLLIMA). The group is exploiting social engineering tactics to deceive individuals into running PowerShell commands…

Read more →

Fortinet’s FortiOS, the operating system powering its VPN and firewall appliances, has been found vulnerable to multiple security flaws that could allow attackers to execute remote code (RCE) and launch denial-of-service (DoS) attacks. These vulnerabilities, disclosed by Akamai researcher Ben…

Read more →

A critical vulnerability in Fortinet’s FortiOS and FortiProxy products has been identified, enabling attackers to bypass authentication and gain super-admin access. The flaw, classified as an Authentication Bypass Using an Alternate Path or Channel (CWE-288), is actively being exploited in…

Read more →

A newly discovered 0-day vulnerability in Windows Storage has sent shockwaves through the cybersecurity community. Identified as CVE-2025-21391, this critical flaw allows attackers to elevate privilege and remotely delete targeted files on a victim’s system without their interaction. Microsoft officially confirmed…

Read more →

In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began…

Read more →

A newly discovered malware, dubbed “Ratatouille” (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account Control (UAC) and leveraging the Invisible Internet Project (I2P) network for anonymous Command and Control (C2)…

Read more →

A critical new vulnerability in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP), tagged as CVE-2025-21376, has recently come to light, raising alarms across global cybersecurity circles. The flaw, which has been classified as “critical,” could allow remote attackers to execute…

Read more →

Google’s Safe Browsing technology now ensures enhanced protection for over 1 billion Chrome users worldwide. Launched in 2005, Safe Browsing is a robust system designed to safeguard users from phishing, malware, scams, and other cyber threats. By leveraging advanced artificial…

Read more →

A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially allowing attackers to execute remote code and access restricted functionality. Ivanti has released an urgent security update to address the issues, tracked as CVE-2024-47908 and CVE-2024-11771,…

Read more →

A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most widely used cryptographic libraries. The flaw allows attackers to exploit a loophole in TLS and DTLS handshakes, potentially enabling man-in-the-middle (MITM) attacks on vulnerable connections. OpenSSL…

Read more →

Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw enables remote attackers to obtain super-admin privileges by exploiting maliciously crafted CSF proxy requests.…

Read more →

Microsoft has released its highly anticipated Patch Tuesday security updates for February 2025, addressing a wide range of vulnerabilities across its products and services. This month’s release includes fixes for critical remote code execution (RCE) vulnerabilities, elevation of privilege flaws,…

Read more →

Microsoft has released its highly anticipated Patch Tuesday security updates for February 2025, addressing a wide range of vulnerabilities across its products and services. This month’s release includes fixes for critical remote code execution (RCE) vulnerabilities, elevation of privilege flaws,…

Read more →

IBL Software Engineering has disclosed a significant security vulnerability, identified as CVE-2025-1077, affecting its Visual Weather software and derivative products, including Aero Weather, Satellite Weather, and NAMIS. This vulnerability allows remote, unauthenticated attackers to execute arbitrary Python code on affected…

Read more →

The realm of fault injection attacks has long intrigued researchers and security professionals. Among these, single-bit fault injection, a technique that seeks to manipulate a single bit in a system, has often been considered elusive, akin to chasing a “unicorn.”…

Read more →

Microsoft Entra ID has introduced a robust mechanism called protected actions to mitigate the risks associated with unauthorized hard deletions of user accounts. This feature, which integrates with Conditional Access policies, adds an additional layer of security to critical administrative…

Read more →

OpenAI, the organization behind ChatGPT and other advanced AI tools, is making significant strides in its efforts to reduce its dependency on Nvidia by developing its first in-house artificial intelligence chip. According to the source, OpenAI is finalizing the design…

Read more →

 New York Governor Kathy Hochul announced that the state has banned the use of the China-based AI startup DeepSeek on government-issued devices and networks. The decision stems from escalating concerns over potential foreign surveillance and censorship risks associated with the…

Read more →

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally. Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods. Their command-and-control (C&C) communications often mimic legitimate…

Read more →

Cybercriminals are capitalizing on the season of love to launch sneaky and deceptive cyberattacks. According to the whoisxmlapi shared on the X, there has been a surge in the registration of Valentine’s Day-themed domains, many of which are likely being…

Read more →

SolarWinds announced the release of Web Help Desk (WHD) version 12.8.5, unveiling a host of new features, updates, and fixes aimed at streamlining IT service management and enhancing security. The update brings significant enhancements to the Purchase Order (PO) section,…

Read more →

January 2025 marked a pivotal month in the ransomware landscape, with Akira emerging as the most active and dominant threat actor. The group was responsible for 72 attacks globally, a 60% surge compared to previous months, underscoring its aggressive expansion…

Read more →

As AI technologies continue to evolve, traditional CAPTCHA systems face increasing vulnerabilities. Recent studies reveal that advanced AI models, such as multimodal large language models (LLMs), can bypass many existing CAPTCHA mechanisms with alarming efficiency. To address this challenge, researchers…

Read more →

Innovative tools are continually appearing to enhance the capabilities of professionals and enthusiasts alike. One new entrant into the world of radio frequency (RF) tools is the Evil Crow RF V2, a compact device that transforms your smartphone into a powerful…

Read more →

A new cybersecurity threat has emerged, targeting customers of a prominent Indian bank through fraudulent mobile applications. Dubbed “FinStealer,” this malware campaign employs advanced techniques to steal sensitive financial and personal information, including banking credentials, credit card details, and other…

Read more →

A newly discovered phishing campaign targeting Facebook users has been identified by researchers at Check Point Software Technologies. The attack, which began in late December 2024, has already reached over 12,279 email addresses and impacted hundreds of companies globally. The…

Read more →

Gcore, the global provider of edge AI, cloud, network, and security solutions has released its Q3-Q4 2024 Radar report on DDoS attack trends. The findings highlight a dramatic surge in the scale and impact of DDoS attacks, which have reached…

Read more →

South Korea’s National Intelligence Service (NIS) has raised alarms over the Chinese artificial intelligence app, DeepSeek, accusing it of “excessively” collecting personal data from users and utilizing all input data to train its AI models. The NIS also scrutinized the…

Read more →

Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their…

Read more →

 A series of critical security vulnerabilities have been identified in Progress Software’s LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files. CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135, affect all current versions of LoadMaster, including Multi-Tenant LoadMaster (MT) deployments, prompting an…

Read more →

Thai authorities arrested four European hackers in Phuket on February 10, 2025, for their alleged involvement in ransomware operations that inflicted global losses exceeding $16 million. The arrests, part of the multinational “Operation PHOBOS AETOR,” were executed in collaboration with…

Read more →

Cybersecurity researchers caution that over 12,000 instances of GFI KerioControl firewalls remain unpatched and vulnerable to a critical security flaw (CVE-2024-52875) that could be exploited for remote code execution (RCE) with minimal effort. The Shadowserver Foundation has been tracking this…

Read more →

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has been actively exploited in targeted attacks against iPhone and iPad users. The vulnerability allows attackers to disable USB Restricted Mode on a locked device, potentially granting…

Read more →

A recent analysis of over one million malware samples by Picus Security has revealed a growing trend in the exploitation of application layer protocols for stealthy command-and-control (C2) operations. These findings, detailed in the Red Report 2025, underscore the increasing…

Read more →

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity and authenticity. It processes input data in fixed-size chunks of 512 bits (64 bytes) and produces a unique 256-bit (32-byte) hash. This property allows for incremental…

Read more →

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years, that could allow attackers to execute remote code. The flaw, identified in the core TCP subsystem, was introduced through a race condition in the inet_twsk_hashdance function.…

Read more →

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35% in 2024, falling from $1.25 billion in 2023 to $813.55 million, according to a report by blockchain analytics firm Chainalysis. This marked the first substantial decline…

Read more →

QR codes, once a symbol of convenience and security in digital interactions, have become a significant target for cybercriminals. The Rise of Fake QR Code Scams A new form of cyberattack, dubbed “quishing,” involves the use of counterfeit QR codes…

Read more →

The eSentire Threat Response Unit (TRU) has reported a significant rise in incidents involving the NetSupport Remote Access Trojan (RAT) since January 2025. This malicious software, originally designed as a legitimate IT support tool, has been weaponized by cybercriminals to…

Read more →

Hackers reportedly gained unauthorized access to the cutting-edge DeepSeek-V3 model within just 24 hours of its high-profile release. DeepSeek-V3, a state-of-the-art large language model (LLM) developed by the renowned AI research lab Nexus-AI, was expected to redefine benchmarks in natural…

Read more →

GitHub has once again raised the bar for productivity in software development with the launch of its revolutionary “Agent Mode” for GitHub Copilot. This new feature takes the AI-powered coding assistant to a whole new level, enabling developers to autonomously…

Read more →

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising major concerns for both PC and PlayStation 5 players. The exploit, discovered by a security researcher, enables attackers to remotely take control of devices on the…

Read more →

A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed police officers arrested two security experts during a simulated breach of a corporate office in Malta. Physical penetration testing is a critical component of cybersecurity…

Read more →

Massive brute force attacks targeting VPNs and firewalls have surged in recent weeks, with cybercriminals using as many as 2.8 million unique IP addresses daily to conduct relentless login attempts. The Shadowserver Foundation, a nonprofit cybersecurity organization, has confirmed this…

Read more →

Sensitive credentials from Cisco’s internal network and domain infrastructure were reportedly made public due to a significant data breach. According to a Cyber Press Research report, the new Kraken ransomware group has allegedly leaked a dataset on their dark web…

Read more →

Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform, have raised alarm in the cybersecurity community. Security researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts. With…

Read more →

Linus Torvalds, lead developer of the Linux kernel, announced the second release candidate (rc2) of Linux Kernel 6.14, providing developers and enthusiasts with a glimpse at the latest updates and fixes in the kernel’s development cycle. The announcement was made…

Read more →

The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the Tor Browser download page and its distribution directory. The latest update introduces critical fixes and enhancements, ensuring a smoother and more secure browsing experience for users. Here’s a detailed…

Read more →

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their…

Read more →

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all encrypted content stored in its iCloud service. The demand, issued under the U.K.’s controversial Investigatory Powers Act of 2016, has raised alarm among privacy advocates and…

Read more →

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is transmitted by focusing on the meaning of data rather than raw content. Unlike traditional communication methods, these systems encode semantic features such as text, images, or…

Read more →

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning and automation capabilities to simulate sophisticated cyberattacks. Recent research demonstrates how autonomous LLM-driven systems can effectively perform assumed breach simulations in enterprise environments, particularly targeting Microsoft…

Read more →

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS) servers by threat actors deploying the BadIIS malware. This campaign, attributed to Chinese-speaking groups, leverages IIS vulnerabilities to manipulate search engine optimization (SEO) rankings and…

Read more →

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques like steganography and social engineering. These methods allow attackers to embed malicious code within seemingly harmless multimedia files, bypassing traditional security measures and deceiving unsuspecting users.…

Read more →

A critical zero-day vulnerability has been discovered in Microsoft Sysinternals tools, posing a serious security threat to IT administrators and developers worldwide. The vulnerability enables attackers to exploit DLL injection techniques to execute malicious code, putting systems at risk of compromise. Despite being disclosed…

Read more →

The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework. Known for its robust capabilities in analyzing compiled code across multiple platforms, including Windows, macOS, and Linux, this release…

Read more →

A new wave of scareware attacks has emerged, targeting unsuspecting mobile users with fake antivirus applications designed to exploit fear and trick victims into downloading malicious software. Scareware, a type of digital fraud, employs social engineering tactics to alarm users…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers…

Read more →

A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability tracked as CVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the “Critical” severity…

Read more →

Check Point Research (CPR) has revealed that cybercriminals are increasingly leveraging the newly launched AI models, DeepSeek and Qwen, to create malicious content. These models, which lack robust anti-abuse provisions, have quickly become a preferred choice for threat actors over…

Read more →

In a concerning development for the machine learning (ML) community, researchers from ReversingLabs have uncovered malicious ML models on the Hugging Face platform, a popular hub for AI collaboration. Dubbed “nullifAI,” this novel attack method leverages vulnerabilities in the widely…

Read more →

A newly discovered phishing campaign is using fake Facebook copyright infringement notices to trick users into divulging their credentials, potentially compromising business accounts. Phishing Campaign Exploits Facebook Brand to Target Businesses Researchers at Check Point Software Technologies revealed that this…

Read more →

Cybercriminals are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to infiltrate networks, create unauthorized administrator accounts, and deploy malware, including the Sliver backdoor. These flaws, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were disclosed in early January…

Read more →

A federal grand jury has indicted Linwei Ding, also known as Leon Ding, a former Google software engineer, on four counts of theft of trade secrets. The charges stem from allegations that Ding stole proprietary artificial intelligence (AI) technologies from…

Read more →

Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors. The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and…

Read more →

DeepSeek iOS app—a highly popular AI assistant recently crowned as the top iOS app since its January 25 release—has been discovered to transmit sensitive user data to ByteDance servers without encryption.  The security flaws, uncovered by mobile app security firm…

Read more →

Hewlett Packard Enterprise (HPE) has issued a high-priority security bulletin addressing multiple vulnerabilities in its Aruba ClearPass Policy Manager (CPPM). These flaws, which range from unauthorized access to arbitrary code execution, could allow attackers to compromise affected systems. Organizations relying…

Read more →

Splunk has unveiled DECEIVE (DECeption with Evaluative Integrated Validation Engine), an innovative, AI-augmented honeypot that mimics real-world systems to lure and study cyber attackers. By leveraging advanced artificial intelligence, DECEIVE provides organizations with a powerful means of tracking, analyzing, and understanding malicious…

Read more →

Microsoft has raised alarms about a new cyber threat involving ViewState code injection attacks exploiting publicly disclosed ASP.NET machine keys to compromise ISS web servers. Microsoft has identified over 3,000 publicly disclosed keys vulnerable to ViewState code injection attacks. Unlike…

Read more →

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been actively targeting critical network devices, including VMware ESXi servers, since its emergence in 2023. This ransomware group employs sophisticated tactics to infiltrate corporate networks, exfiltrate sensitive…

Read more →

Spanish authorities have arrested a hacker believed to be responsible for cyberattacks targeting over 40 public and private organizations globally. The suspect, apprehended on Tuesday in Calpe (Alicante), allegedly compromised sensitive data and disrupted critical services, including government agencies, international…

Read more →

Paragon Solutions, an Israeli cybersecurity firm, has reportedly ended its spyware contract with Italy. The termination comes in the wake of revelations that its military-grade hacking software, Graphite, was allegedly used to target 90 individuals, including journalists and activists, across…

Read more →

Cybersecurity experts are raising alarms over a new wave of attacks targeting Windows users in India, driven by the Lumma Stealer malware. This advanced information-stealing malware is being distributed through fake CAPTCHA verification pages, a deceptive tactic that preys on…

Read more →

OpenAI may have become the latest high-profile target of a significant data breach. A threat actor has surfaced on underground forums, claiming possession of email and password credentials for a staggering 20 million OpenAI accounts. This alleged breach has raised…

Read more →

A recently disclosed vulnerability in F5’s BIG-IP systems has raised alarm within the cybersecurity community. The flaw, designated CVE-2025-21091, enables remote attackers to exploit SNMP configuration issues, potentially leading to Denial-of-Service (DoS) attacks on affected systems. This vulnerability, which carries a CVSS v4.0 score…

Read more →

A new wave of cyberattacks orchestrated by the North Korea-linked Lazarus Group has been identified, leveraging fake LinkedIn job offers to infiltrate organizations and deliver sophisticated malware. Reports from cybersecurity firms, including Bitdefender, reveal that this campaign targets professionals across…

Read more →

Cybersecurity experts have identified an alarming trend of cybercriminals exploiting ConnectWise ScreenConnect, a widely-used Remote Monitoring and Management (RMM) tool, to establish persistent access to compromised systems. Threat Actors Exploit Legitimate Software for Malicious Gains Silent Push Threat Analysts and…

Read more →

Cisco has disclosed multiple vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting Cisco IOS, IOS XE, and IOS XR software. These flaws, identified as high-severity, could allow an authenticated remote attacker to trigger Denial-of-Service (DoS) conditions, disrupting network…

Read more →

A sophisticated malware campaign, dubbed “FatBoyPanel,” has been uncovered by cybersecurity researchers, targeting users of Indian banks. This campaign, consisting of nearly 900 malware samples, is designed to steal sensitive financial and personal information, including Aadhaar numbers, PAN cards, ATM…

Read more →

In a concerning development, the North Korean-backed hacking group Kimsuky has intensified its use of custom-built tools to exploit Remote Desktop Protocol (RDP) for controlling compromised systems. AhnLab Security Intelligence Center (ASEC) reports that the group has developed a proprietary…

Read more →

A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms in the cybersecurity community. The vulnerability, which allows attackers to cause a partial Denial of Service (DoS) on scan results and the iOS Dynamic Analyzer functionality,…

Read more →

Cybersecurity enthusiasts and IT administrators worldwide are voicing concerns over a newly discovered vulnerability in AnyDesk that could lead to local privilege escalation (LPE). The vulnerability, identified as CVE-2024-12754 and coordinated by Trend Micro’s Zero Day Initiative, allows attackers to weaponize Windows…

Read more →

The Wallarm Security Research Team unveiled a new jailbreak method targeting DeepSeek, a cutting-edge AI model making waves in the global market. This breakthrough has exposed DeepSeek’s full system prompt—sparking debates about the security vulnerabilities of modern AI systems and…

Read more →