Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Microsoft has launched Microsoft 365 E5 Security as an add-on to its Business Premium suite, providing small and medium-sized businesses (SMBs) with advanced tools to combat escalating cyber threats. The offering integrates enterprise-grade security features at a 57% cost savings…

Read more →

GitHub Copilot, once a developer-centric tool, is now revolutionizing workflows across technical and non-technical roles. With features like Agent Mode, CLI integration, and Project Padawan, Copilot is emerging as a universal productivity enhancer. This article explores three key developments reshaping…

Read more →

Peaklight malware has emerged as a significant threat, designed to steal sensitive information from compromised endpoints. This information stealer is often distributed through underground channels and is sometimes offered as a Malware-as-a-Service (MaaS), making it a continuously evolving and potent…

Read more →

Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa as a ransomware-as-a-service (RaaS) model. Spearwing and…

Read more →

The Remote Desktop Protocol (RDP) is a widely used tool for remote access, but it often leaves behind traces of user activity, which can be a concern for privacy and security. Recently, the use of the “/public” command-line option in…

Read more →

The Federal Bureau of Investigation (FBI) issued a critical alert through its Internet Crime Complaint Center (IC3) warning of a novel cyber extortion campaign targeting corporate executives. Criminal actors impersonating the notorious BianLian ransomware group are leveraging physical mail to…

Read more →

A critical security flaw (CVE-2024-56325) in Apache Pinot, a real-time distributed OLAP datastore, has been disclosed, allowing unauthenticated attackers to bypass authentication controls and gain unauthorized access to sensitive systems. Rated 9.8 on the CVSS scale, this vulnerability exposes organizations…

Read more →

Zero Trust is a security framework that operates under the assumption that no implicit trust exists within a network. Every request for access must be verified, regardless of whether it comes from within or outside the organization. Identity First Security…

Read more →

Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat actor infrastructure, providing valuable insights into cyber attack patterns and attribution techniques. Decoding Threat Actor Infrastructure: A Case Study The research team demonstrated their approach…

Read more →

Trend Micro’s Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack that targeted multiple business partners. The incident, which occurred over several days, involved the exploitation of a compromised email server to orchestrate a complex fraud…

Read more →

Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content.…

Read more →

Traffic Distribution Systems (TDS) have emerged as critical tools for both legitimate and malicious purposes, serving as sophisticated redirection networks that manage traffic flow across multiple endpoints. While businesses use TDS to optimize marketing campaigns and improve service reliability, cybercriminals…

Read more →

Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline Active Directory (AD) assessments. Created by Niels Hofland and colleague Justin, this tool aims to address the challenges faced by IT administrators and security professionals…

Read more →

A critical zero-day vulnerability in Sitecore’s enterprise content management system (CMS) has been uncovered, enabling unauthenticated attackers to execute arbitrary code on affected servers. Designated CVE-2025-27218, this pre-authentication remote code execution (RCE) flaw resides in Sitecore versions up to 10.4 and…

Read more →

A recent investigation into misconfigured Apache Airflow instances has uncovered critical vulnerabilities exposing login credentials, API keys, and cloud service access tokens to potential attackers. These workflow platform misconfigurations—primarily caused by insecure coding practices and outdated deployments—have compromised data security…

Read more →

Federal authorities have unveiled details of a sophisticated cybercrime operation targeting financial institutions across four states, resulting in the arrests of two Venezuelan nationals linked to the violent Tren de Aragua criminal organization. David Jose Gomez Cegarra, 24, and Jesus…

Read more →

A recent physical penetration test conducted by cybersecurity firm Hackmosphere, revealed critical security flaws in a furniture company’s retail store. The test, which simulated real-world attack scenarios, exposed four major vulnerabilities that could potentially lead to unauthorized access to sensitive…

Read more →

A sophisticated malware campaign has been uncovered, exploiting the growing popularity of Windows Packet Divert drivers for bypassing internet restrictions. Cybercriminals are distributing the SilentCryptoMiner malware disguised as legitimate tools, affecting over 2,000 victims in Russia alone. The attack vector…

Read more →

Security researchers at Socket have uncovered a sophisticated malware campaign targeting the Go ecosystem. The threat actor has published at least seven malicious packages on the Go Module Mirror, impersonating widely-used Go libraries to install hidden loader malware on Linux…

Read more →

A significant leak of internal chat logs from the Black Basta ransomware group has provided cybersecurity researchers with unprecedented insight into their operations, capabilities, and motivations. The leak, released on February 11, 2024, by a Telegram user named ExploitWhispers, contained…

Read more →