The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP),…
Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV
The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the orchestrator of a complex multi-stage campaign targeting healthcare delivery organizations (HDOs) and public sector entities.…
Gamers Targeted! Fake Minecraft Mods Enable Attackers to Take Control of Your System
Minecraft, the wildly popular sandbox game with over 200 million monthly active players, has become the latest hunting ground for cybercriminals. Check Point Research recently uncovered a sinister campaign targeting Minecraft users through the Stargazers Ghost Network, a Distribution as…
jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System
Security researchers from the Trellix Advanced Research Centre have uncovered a sophisticated malware campaign exploiting the widely trusted jQuery Migrate library, a backward compatibility plugin used extensively in platforms like WordPress, Joomla, and Drupal. The attack, which began with a…
Hackers Deploy Amatera Stealer Using Advanced Web Injection and Anti-Analysis Techniques
Proofpoint has uncovered a rebranded and significantly enhanced information stealer named Amatera Stealer, derived from the previously known ACR Stealer. Identified in early 2025, this malware exhibits substantial code overlap with its predecessor but introduces advanced features and stealth mechanisms…
Android Spyware SpyNote Masquerading as Google Translate Found in Open Directories
Our team stumbled upon a disturbing array of SpyNote spyware samples lurking in open directories across the internet. These misconfigured digital repositories, often overlooked as mere storage spaces, have become unwitting hosts to dangerous malware targeting Android users. Uncovering Hidden…
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security…
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting…
Qilin Ransomware Rises as Major Threat, Demanding $50M in Ransom
The global cybersecurity landscape is facing a seismic shift as the Qilin ransomware group, also known as Agenda, has surged to the forefront of digital extortion, demanding ransoms as high as $50 million and disrupting critical services worldwide. Once an…
Golden SAML Attack: How Attackers Gain Control of Federation Server’s Private Key
The Golden SAML assault is a lesser-known but much more dangerous threat in a world where password-based hacks breach millions of accounts every month. Unlike common password sprays or phishing attempts, Golden SAML attacks are rare, with Microsoft reporting only…
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S.…
Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign…
Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics – Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked as UNC6293. Active from at least April through early June 2025, this campaign specifically targeted…
ClamAV 1.4.3 and 1.0.9 Released with Fixes for Critical Remote Code Execution Vulnerability
The ClamAV development team has rolled out two crucial security patch releases, versions 1.4.3 and 1.0.9, aimed at resolving significant vulnerabilities that could compromise system integrity. Alongside these patches, the team has introduced Linux aarch64 (ARM64) RPM and DEB installer…
Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware
A sophisticated malware campaign dubbed SERPENTINE#CLOUD has emerged, leveraging Cloudflare Tunnel infrastructure to deliver Python-based malware to Windows systems across Western nations, including the United States, United Kingdom, and Germany. This ongoing operation, characterized by its use of obfuscated scripts…
Microsoft Entra ID Adds Passkey (FIDO2) Support in Public Preview
Microsoft has announced a significant update to its identity platform, Microsoft Entra ID, with the introduction of expanded passkey (FIDO2) support in public preview. Set to roll out globally from mid-October to mid-November 2025, this enhancement marks a major step…
Jitter-Trap: New Method Uncovers Stealthy Beacon Communications
A groundbreaking detection technique called Jitter-Trap has been unveiled by Varonis Threat Labs, promising to revolutionize how organizations identify one of the most elusive stages in the cyberattack lifecycle: post-exploitation and command-and-control (C2) communication. This method leverages the very randomness that threat…
LogMeIn Remote Access Abused in Targeted System Compromise
A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems. Security researchers report that the attack begins with a convincingly crafted invoice-themed spam email, designed to trick recipients into opening…
Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks
A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices poses a significant risk to enterprise networks, enabling unauthenticated attackers to disrupt remote access by triggering denial-of-service (DoS) conditions. The flaw, tracked as CVE-2025-20271,…