Researchers at Group-IB have uncovered a sophisticated phishing framework that demonstrates how cybercriminals are industrializing credential theft through automation, evasion techniques, and Telegram-based data exfiltration. The kit targets explicitly Aruba S.p.A., an Italian IT services provider serving over 5.4 million…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Kraken Ransomware Targets Windows, Linux, and VMware ESXi in Enterprise Environments
Cisco Talos has identified an emerging threat from Kraken, a sophisticated cross-platform ransomware group that has emerged from the remnants of the HelloKitty ransomware cartel. In August 2025, the security firm observed the Russian-speaking group conducting big-game hunting and double-extortion…
Washington Post Oracle E-Suite Breach Exposes Data of Over 9,000 Staff and Contractors
The Washington Post disclosed a significant data breach affecting more than 9,700 employees and contractors following an external system compromise targeting its Oracle E-Suite infrastructure. The breach, which occurred on July 10, 2025, went undetected for nearly 3.5 months before…
Critical Zoho Analytics Plus Flaw Allows Attackers to Run Arbitrary SQL Queries
A critical unauthenticated SQL injection vulnerability has been discovered in Zoho Analytics Plus on-premise, posing a severe risk to organizations running affected versions. Tracked as CVE-2025-8324, this flaw enables attackers to execute arbitrary SQL queries without authentication, potentially leading to…
Critical Imunify360 Vulnerability Exposes Millions of Linux-Hosted Sites to RCE Attacks
A critical Remote Code Execution vulnerability has been patched in Imunify360 AV, a security product protecting approximately 56 million websites worldwide. Hosting companies must apply the patch immediately to prevent potential server compromises. The vulnerability details began circulating in late…
Microsoft Teams Introduces Premium Feature to Prevent Screenshots and Screen Recording
Microsoft has launched a new security feature in Teams Premium called “Prevent screen capture,” designed to block screenshots and recordings during sensitive meetings. This feature will be available worldwide through late November 2025, addressing growing concerns about data leaks in…
Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover
A recent investigation has uncovered alarming security vulnerabilities in Android-powered digital photo frames, turning what should be a simple home or office gadget into a potent tool for cybercriminals. The findings reveal that apps preinstalled on these smart photo frames…
CISA Warns: Akira Ransomware Has Extracted $42M After Targeting Hundreds
A newly updated cybersecurity advisory from federal agencies reveals that the Akira ransomware operation has significantly escalated its campaign, compromising organizations worldwide and accumulating massive ransom proceeds through sophisticated attack methods. According to the joint advisory released on November 13,…
Checkout.com Suffers Data Breach as ShinyHunters Attack Cloud Storage
Payment processor Checkout.com recently experienced a data breach after being targeted by the cybercrime group “ShinyHunters.” The attackers accessed old data stored in a third-party cloud system. Luckily, Checkout.com’s live payment processing environment was not affected, and no merchant funds…
Fortinet FortiWeb Zero-Day Exploited to Gain Full Admin Access
A critical zero-day vulnerability in Fortinet FortiWeb has been actively exploited in the wild, allowing attackers to gain complete administrator access without any prior authentication. The flaw affects Fortinet’s Web Application Firewall, which is designed to protect web applications from…
Lumma Stealer Leverages Browser Fingerprinting for Data Theft and Stealthy C2 Communications
Following the doxxing of Lumma Stealer’s alleged core members last month, the notorious infostealer initially experienced a significant decline in activity as customers migrated to rival platforms like Vidar and StealC. However, recent telemetry data reveals a concerning resurgence of…
Palo Alto PAN-OS Flaw Lets Attackers Force Firewall Reboots via Malicious Packets
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets. The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and…
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package “@acitons/artifact” had accumulated over 206,000 downloads before being removed, posing a significant threat to GitHub-owned repositories and potentially compromising…
Phishing Emails Alert: How Spam Filters Can Steal Your Email Logins in an Instant
Cybercriminals have launched a sophisticated phishing campaign that exploits trust in internal security systems by spoofing email delivery notifications to appear as legitimate spam-filter alerts within organizations. These deceptive emails are designed to steal login credentials that could compromise email…
OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with audio transcription proving to be the most effective extraction method. Sora 2, OpenAI’s state-of-the-art multimodal model for generating short video…
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the registry for nearly two years before…
Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide. The “Contagious Interview” operation demonstrates how threat actors continue to innovate in their…
SmartApeSG Uses ClickFix to Deploy NetSupport RAT
The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CAPTCHA pages to trick users into executing malicious…
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked as CVE-2025-62215, affects the Windows Kernel and could allow attackers to escalate…
Operation Endgame: Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history. Operation Endgame, coordinated from Europol’s headquarters in The Hague, successfully dismantled three major threats to global cybersecurity: the…