The threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Palo Alto Networks User-ID Agent Flaw Leaks Passwords in Cleartext
A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2…
PoisonSeed Threat Actor Strengthens Credential Theft Operations with New Domains
Spoof the email delivery platform SendGrid and employ fake Cloudflare CAPTCHA interstitials to lend legitimacy before redirecting unsuspecting users to credential harvesting pages. Since June 1, 2025, DomainTools Investigations has identified 21 newly registered domains exhibiting hallmarks of the eCrime…
ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access
During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers a comprehensive suite of custom command-and-control (C2) capabilities for both Linux and Windows systems. First…
Wyden Urges FTC to Investigate Microsoft Over Weak RC4 Encryption Enabling Kerberoasting
Senator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide. In a September 10 letter to FTC Chair Andrew Ferguson, Wyden detailed how Microsoft’s dangerous…
NVIDIA NVDebug Tool Vulnerability Lets Attackers Gain Elevated System Access
A critical vulnerability in NVIDIA’s NVDebug tool could allow attackers to gain elevated system access, execute code, or tamper with data. NVIDIA released a security bulletin on September 8, 2025, reporting three distinct flaws in the NVDebug tool and urging…
Cursor AI Code Editor RCE Flaw Allows Malicious Code to Autorun on Machines
A critical vulnerability in the Cursor AI Code Editor exposes developers to stealthy remote code execution (RCE) attacks when opening code repositories, security researchers warn. The flaw, discovered by Oasis Security, allows attackers to deliver and run harmful code automatically,…
1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon
FastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed. The…
ChillyHell macOS Malware: Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar—despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence…
DDoS Mitigation Provider Hit by Massive 1.5 Billion Packets Per Second Attack
FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack peaked at 1.5 billion packets per second (1.5 Gpps), making it one of the largest…
Key Operators of LockerGoga, MegaCortex, and Nefilim Ransomware Gangs Arrested
The U.S. District Court for the Eastern District of New York has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national known as deadforz, Boba, msfv, and farnetwork, for his role in administering LockerGoga, MegaCortex, and Nefilim ransomware operations. The indictment alleges…
ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability
The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across…
Chrome Extension Scam Exposed: Hackers Stealing Meta Accounts
A sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolving malicious Chrome extension campaign that…
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used…
Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari
A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser.…
Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers
Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and…
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian…
Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition,…
AsyncRAT Leverages Fileless Techniques to Bypass Detection
Fileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), through legitimate…
Meta Verified Scam Ads on Facebook Steal User Account Details
Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unlock Meta’s coveted…