Clevo accidentally exposed private keys used in its Intel Boot Guard implementation, allowing attackers to sign malicious firmware that would be trusted during the earliest boot stages. The issue is tracked as Vulnerability Note VU#538470 and was published on October…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs. Stolen user credentials are traded daily, and each compromised login represents a…
Hackers Target macOS Users with Fake Homebrew Websites to Deliver Malicious Payloads
In September 2025, Kandji’s security researchers uncovered a sophisticated campaign in which attackers deployed multiple spoofed Homebrew installer sites that perfectly mimic the official brew.sh page. These counterfeit domains served a hidden malicious payload under the guise of the standard…
Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials
In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor…
Axis Communications Vulnerability Exposes Azure Storage Credentials
Axis Communications, a leading provider of network video and surveillance solutions, has confirmed a critical vulnerability in its Autodesk® Revit® plugin that exposed Azure Storage Account credentials within signed DLLs. Discovered in July 2024 by Trend Micro’s Zero Day Initiative™…
EDR-Freeze: Technical Mechanics and Forensic Artifacts Exposed
EDR-Freeze is a proof-of-concept tool that forces endpoint detection and response (EDR) or antivirus processes into a temporary “coma.” Instead of installing a vulnerable driver, it leverages legitimate Windows Error Reporting components, specifically WerFaultSecure.exe and the MiniDumpWriteDump API to pause security…
Hackers Exploit Microsoft Edge’s Internet Explorer Mode to Compromise User Devices
Microsoft Edge has identified and mitigated a critical threat exploiting its Internet Explorer (IE) compatibility mode, closing off high-risk entry points and reinforcing security for both individual and enterprise users. Although the web has largely embraced modern standards, many enterprise…
North Korean Hackers Target Developers with 338 Malicious Software Packages
North Korean threat actors have escalated their Contagious Interview campaign, deploying 338 malicious npm packages with over 50,000 downloads to target cryptocurrency and blockchain developers through sophisticated social engineering tactics. The state-sponsored operation represents a significant evolution in supply chain…
Happy DOM Flaw Allows Remote Code Execution Affecting 2.7 Million Users
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927, enables attackers to escape the virtual machine context and execute arbitrary code on affected systems,…
Microsoft Finally Resolves Persistent Windows 11 ‘Update and Shut Down’ Glitch
Microsoft has successfully addressed one of Windows 11’s most frustrating issues with its latest preview builds, finally fixing the notorious “update and shut down” glitch that has plagued users since the operating system’s 2021 launch. This persistent bug tricked countless…
WhatsApp Worm Targets Users with Banking Malware, Steals Login Information
Cybersecurity researchers have uncovered a sophisticated new campaign targeting WhatsApp users in Brazil with self-propagating malware designed to steal banking credentials and cryptocurrency exchange login information. The attack, first detected on September 29, 2025, represents a dangerous evolution in social…
Hackers Claim Massive Salesforce Breach: 1 Billion Records Stolen
A new cybercriminal conglomerate known as Scattered Lapsus$ Hunters has emerged as a significant threat to global organizations, claiming responsibility for massive data breaches targeting Salesforce customer tenants. The group, also referred to as SP1D3R HUNTERS or SLSH, has reportedly…
Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder
Spanish law enforcement recently dismantled an advanced AI-driven phishing network and arrested the mastermind developer known as “GoogleXcoder.” This operation marks a significant victory in the fight against banking credential theft in Spain. Cybercriminals Target Banks and Government Agencies Since…
Astaroth Banking Malware Exploits GitHub for Hosting Configuration Files
McAfee’s Threat Research team recently uncovered a sophisticated new Astaroth campaign that represents a significant evolution in malware infrastructure tactics. This latest variant has abandoned traditional command-and-control (C2) server dependencies in favor of leveraging GitHub repositories to host critical malware…
Oracle E-Business Suite Flaw Enables Remote Code Execution and Data Theft
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-61884, affects multiple versions of the…
SonicWall SSLVPN Targeted After Hackers Breach All Customer Firewall Backups
Cybersecurity researchers at Huntress have detected a widespread attack campaign targeting SonicWall SSL VPN devices across multiple customer environments, with over 100 accounts compromised since early October. The attacks appear coordinated and sophisticated, with threat actors rapidly authenticating into multiple…
Attackers Exploit Defender for Endpoint Cloud API to Bypass Authentication and Disrupt Incident Response
Microsoft Defender for Endpoint’s cloud communication can be abused to bypass authentication, intercept commands, and spoof results, allowing attackers to derail incident response and mislead analysts. Recent research shows that multiple backend endpoints accept requests without effectively validating tokens, enabling…
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages
Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across…
New Stealit Malware Exploits Node.js Extensions to Target Windows Systems
Security researchers have identified a new, active campaign of the Stealit malware that uses an experimental Node.js feature to infect Windows systems. According to a report from FortiGuard Labs, threat actors are leveraging Node.js’s Single Executable Application (SEA) functionality to…
Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands
Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial services customer’s environment when legitimate CiscoVPN logins coincided with anomalous WMI calls to multiple endpoints. Investigation…