A critical zero-day vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software is being actively exploited in the wild. Tracked as CVE-2025-20333, this remote code execution flaw allows an authenticated attacker…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Unveiling LummaStealer’s Technical Details Through ML-Based Detection Approach
In early 2025, LummaStealer was in widespread use by cybercriminals targeting victims throughout the world in multiple industry verticals, including telecom, healthcare, banking, and marketing. A sweeping law enforcement operation in May brought this all to an abrupt halt. After…
Hackers Exploit Cisco ASA 0-Day to Deploy RayInitiator and LINE VIPER Malware
Security teams worldwide have been warned after attackers began exploiting a newly discovered zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) 5500-X Series firewalls. The breach allows hackers to deploy sophisticated malware, dubbed RayInitiator and LINE VIPER, potentially giving them full control of…
LAMEHUG: An LLM-Driven Malware for Dynamic Reconnaissance and Data Exfiltration
A novel AI-driven threat leverages LLMs on Hugging Face to execute adaptive reconnaissance and data exfiltration in real time. Rather than relying on static scripts or prewritten payloads, LAMEHUG dynamically queries a Qwen 2.5-Coder-32B-Instruct model via the Hugging Face API…
Critical Cisco Flaw Lets Remote Attackers Execute Code on Firewalls and Routers
Cisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied input in HTTP requests. CVE Affected Products Impact CVSS 3.1 Score CVE-2025-20363…
New XCSSET Malware Variant Targets macOS App Developers
Cybersecurity researchers have discovered an advanced variant of the XCSSET malware specifically targeting macOS developers through infected Xcode projects, introducing sophisticated clipboard hijacking and enhanced data exfiltration capabilities. Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild…
LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi Systems
Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Advanced Multi-Platform Attack Strategy LockBit 5.0 represents a significant…
Salesforce AI Agent Vulnerability Lets Attackers Steal Sensitive Data
Cybersecurity researchers at Noma Labs have discovered a critical vulnerability in Salesforce’s Agentforce AI platform that could allow attackers to steal sensitive customer data through sophisticated prompt injection techniques. The vulnerability, dubbed “ForcedLeak,” carries a CVSS score of 9.4, indicating…
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP archive containing a malicious executable…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has…
Volvo Group Reports Data Breach Following Ransomware Attack on HR Vendor
Volvo Group has disclosed that a recent ransomware attack on its human resources software provider, Miljödata, may have resulted in unauthorized access to personal information belonging to its North American workforce. The incident underscores growing concerns about third-party risk and the importance…
ZendTo Flaw Lets Attackers Bypass Security Controls to Access Sensitive Data
A critical vulnerability in the popular file-sharing tool ZendTo allows authenticated users to traverse system paths and access or modify sensitive files belonging to other users. The flaw, tracked as CVE-2025-34508, affects ZendTo versions 6.15-7 and earlier. An attacker can…
New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys
A pair of malicious Rust crates masquerading as the popular fast_log library have been uncovered, harvesting private Solana and Ethereum keys from developers’ environments. The impostor crates include legitimate-looking logging functionality to evade detection, while a hidden routine scans source…
Cisco IOS/XE Vulnerability Allows Unauthorized Access to Confidential Data
Cisco released an advisory describing a high-severity vulnerability (CVE-2025-20160) in its IOS and IOS XE platforms. The flaw stems from improper validation of the TACACS+ shared secret configuration. When TACACS+ is enabled but no secret is set, remote attackers or…
Hackers Use AI-Generated Code to Obfuscate Payloads and Bypass Traditional Defenses
A recent credential phishing campaign detected by Microsoft Threat Intelligence used AI-generated code within an SVG file to disguise malicious behavior. While the novel obfuscation techniques showcased attacker ingenuity, AI-powered defenses successfully blocked the attack—underscoring that AI-augmented threats remain detectable…
Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes.…
RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor
In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between…
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information
A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect…
SetupHijack Tool Abuses Race Conditions in Windows Installer to Hijack Setups
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The utility demonstrates how attackers can hijack privileged setup processes to run malicious payloads with SYSTEM…
Malware Deployment via Copyright Takedown Claims by Threat Actors
Threat actors from the Lone None group are exploiting copyright takedown notices to distribute sophisticated malware, including Pure Logs Stealer and a newly identified information stealer dubbed Lone None Stealer (also known as PXA Stealer). This analysis examines the campaign’s…