Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over Azure environments. Contrary to common assumptions, Entra B2B guest…
Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in a thorough technical research carried out by eSentire’s Threat Response Unit (TRU) during 2024 and 2025. This loader, favored…
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers to obtain valid certificates from the Icinga Certificate Authority (CA),…
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are…
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active…
New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps
Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only communication but also payments, business, and personal data exchange. However, their ubiquity and complexity make them prime targets for sophisticated cyberattacks. This article explores how a…
Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors
A recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual environments. Affected systems display a recovery error with code…
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047—allow attackers to gain root-level access through a chain of authenticated attacks, with…
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking pirated software, cybercriminals trick unsuspecting viewers into executing malicious PowerShell commands. These commands download dangerous…
Novel Malware Evades Detection by Skipping PE Header in Windows
Researchers have identified a sophisticated new strain of malware that bypasses traditional detection mechanisms by entirely omitting the Portable Executable (PE) header in Windows environments. This innovative evasion tactic represents a significant shift in how malicious software can infiltrate systems,…
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias “cappership.” The attack leverages a malicious package named semantic-types to…
Safari Flaw Exploited by BitM Attack to Steal User Login Data
A new wave of phishing attacks, known as Fullscreen Browser-in-the-Middle (BitM) attacks, is exploiting browser features to steal user credentials with unprecedented stealth. Unlike traditional phishing, which relies on fake websites and visible clues, BitM attacks leverage remote browser sessions…
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is enabled, allows attackers to exploit the development server via Cross-site WebSocket Hijacking (CSWSH),…
New Rust-Based InfoStealer Uses Fake CAPTCHA to Deliver EDDIESTEALER
A newly discovered Rust-based infostealer, dubbed EDDIESTEALER, has been uncovered by Elastic Security Labs, spreading through a sophisticated social engineering tactic involving fake CAPTCHA verification pages. Mimicking legitimate CAPTCHA systems like Google’s reCAPTCHA, these malicious prompts deceive users into executing…
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR
A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries…
Critical Cisco IOS XE Flaw Permits Arbitrary File Upload — PoC Released
A critical security vulnerability, tracked as CVE-2025-20188, has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), threatening enterprise wireless infrastructures worldwide. This flaw, scoring a maximum 10.0 on the CVSS scale, allows unauthenticated remote attackers to upload arbitrary…
ConnectWise Hit by Advanced Cyberattack: Internal Data at Risk
ConnectWise, a leading provider of IT management and remote access software, has confirmed a cyberattack attributed to a sophisticated nation-state actor. The breach, discovered in May 2025, impacted a limited number of customers using the company’s ScreenConnect cloud platform, a…
SentinelOne Recovers: Platform Back Online After Extended Outage
On May 29, 2025, SentinelOne, a leading cybersecurity provider, experienced a significant platform outage that disrupted access to its commercial customer consoles worldwide. The incident began earlier in the day and was promptly acknowledged by SentinelOne, which communicated updates to…
Apache Tomcat CGI Servlet Flaw Enables Security Constraint Bypass
A newly disclosed vulnerability, CVE-2025-46701, has been identified in Apache Tomcat’s CGI servlet, allowing attackers to bypass security constraints under specific conditions. The flaw, announced on May 29, 2025, is rooted in the improper handling of case sensitivity within the…