Akamai Technologies disclosed a critical HTTP request smuggling vulnerability affecting its content delivery network platform that could allow attackers to inject hidden secondary requests through a sophisticated exploitation technique. The vulnerability, designated CVE-2025-32094, was discovered through the company’s bug bounty…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
Security researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish covert command-and-control (C2) channels, effectively turning trusted business communication tools into hidden pathways for cybercriminals. The technique, presented by Adam…
HTTP/1.1 Vulnerability Could Let Attackers Hijack Millions of Sites
Security researchers have unveiled a fundamental vulnerability in HTTP/1.1 that could allow attackers to hijack millions of websites, highlighting a persistent threat that has plagued web infrastructure for over six years despite ongoing mitigation efforts. PortSwigger’s latest research reveals that…
SocGholish Uses Parrot and Keitaro TDS to Spread Malware via Fake Updates
SocGholish, operated by the threat actor group TA569, has solidified its role as a prominent Malware-as-a-Service (MaaS) provider, functioning as an Initial Access Broker (IAB) that sells compromised system access to various cybercriminal clients. Since its emergence around 2017-2018, this…
Nvidia Denies Presence of Backdoors, Kill Switches, or Spyware in Its Chips
Nvidia has issued a comprehensive denial regarding allegations that its graphics processing units contain backdoors, kill switches, or spyware, emphasizing that such features would fundamentally undermine global digital infrastructure and cybersecurity principles. The chipmaker’s statement comes amid growing discussions among…
New Active Directory Attack Method Bypasses Authentication to Steal Data
Security researchers have uncovered a novel attack technique that exploits weaknesses in hybrid Active Directory (AD) and Entra ID environments to bypass authentication and exfiltrate sensitive data. The method, showcased at Black Hat USA 2025 by cybersecurity expert Dirk-jan Mollema,…
HeartCrypt-Packed ‘AVKiller’ Tool Actively Deployed in Ransomware Attacks to Disable EDR
Threat actors are placing a higher priority on neutralizing endpoint detection and response (EDR) systems in order to remain stealthy in the dynamic world of multi-stage cyberattacks. Since 2022, malware sophistication has surged, with tools specifically engineered to disable EDR…
WhatsApp Removes 6.8 Million Accounts Over Malicious Activity Concerns
WhatsApp has permanently removed 6.8 million accounts during the first half of 2024 as part of an aggressive crackdown on global scamming operations, parent company Meta announced this week. The massive account purge primarily targeted sophisticated fraud networks operating from…
Hackers Exploit Social Engineering to Gain Remote Access in Just 5 Minutes
Cybersecurity experts are raising alarms over a sophisticated social engineering attack that allowed threat actors to compromise corporate systems in under five minutes, according to a recent incident response investigation by NCC Group’s Digital Forensics and Incident Response (DFIR) team.…
New Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege Escalation
Microsoft has disclosed a high-severity security vulnerability affecting Exchange Server hybrid deployments that could allow attackers with administrative access to escalate privileges and potentially compromise an organization’s entire cloud and on-premises infrastructure. The vulnerability, tracked as CVE-2025-53786, was announced on…
Google’s Salesforce Environment Compromised – User Information Exfiltrated
Google has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses. The incident highlights the growing threat of voice phishing attacks…
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier…
Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities
The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and double-extortion strategies. Both groups leverage stolen credentials, VPN vulnerabilities, reconnaissance, privilege escalation, defense evasion, and…
Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets
SentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage of user wallets exceeding $900,000 USD. These scams leverage obfuscated Solidity code deployed on platforms…
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least…
UAC-0099 Hackers Weaponize HTA Files to Deploy MATCHBOIL Loader Malware
UAC-0099 is a threat actor organization that has been targeting state officials, defense forces, and defense-industrial firms in a series of sophisticated cyberattacks that Ukraine’s CERT-UA has been investigating. The attacks typically initiate with phishing emails from UKR.NET addresses, featuring…
Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites
Threat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites that impersonate legitimate government portals. As highlighted by Zscaler ThreatLabz in their recent reports and blogs, the dual nature of GenAI empowering productivity for legitimate…
Sophisticated DevilsTongue Spyware Tracks Windows Users Worldwide
Insikt Group has uncovered new infrastructure tied to the Israeli spyware vendor Candiru, now operating under Saito Tech Ltd., highlighting the persistent deployment of its advanced DevilsTongue malware. Utilizing Recorded Future Network Intelligence, researchers identified eight distinct operational clusters, each…
CAPTCHAgeddon: Fake CAPTCHA Used in New ClickFix Attack to Deploy Malware Payload
ClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such as the ClearFake phony browser update fraud. Initially demonstrated by security researcher John Hammond for…
Fake Antivirus App Delivers LunaSpy Malware to Android Devices
A sophisticated cybercrime campaign has been discovered targeting Android users through fake antivirus applications that actually deliver LunaSpy spyware to victims’ devices. Security researchers have identified this malicious operation as an active threat that exploits users’ security concerns to gain…