A severe security vulnerability (CVE-2024-52577) in Apache Ignite, the open-source distributed database and computing platform, has been disclosed. The flaw enables remote attackers to execute arbitrary code on vulnerable servers by exploiting insecure deserialization mechanisms in specific configurations. First reported…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
GPT-4o Copilot Covers More Than 30 Popular Programming Languages
GitHub has launched GPT-4o Copilot, a refined code completion model now available to Visual Studio Code users. Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories, the update marks a leap in multi-language support, performance accuracy, and contextual understanding…
CISA Issues Two New ICS Advisories Addressing Exploits and Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alerts on February 18, 2025, releasing two critical Industrial Control Systems (ICS) advisories targeting vulnerabilities in Delta Electronics’ CNCSoft-G2 and Rockwell Automation’s GuardLogix controllers. These advisories flagged under ICSA-24-191-01…
Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code & Gain System Access
Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities—including two critical heap buffer overflow flaws—that could enable attackers to execute arbitrary code and seize control of affected systems. The update (version 133.0.6943.126/.127 for Windows/Mac…
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation techniques, making it challenging to analyze and detect. Recently, cybersecurity researchers uncovered a new campaign…
Cybercriminals Embedded Credit Card Stealer Script Within ![]()
Tag
Cybersecurity researchers have uncovered a new MageCart malware campaign targeting e-commerce websites running on the Magento platform. This attack exploits <img> HTML tags to conceal malicious JavaScript skimmers, enabling cybercriminals to steal sensitive payment information while evading detection by security…
Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
A sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a…
New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation
A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT, raising concerns over their susceptibility to adversarial attacks. Researchers have highlighted how these models can be manipulated through techniques like prompt injection, which exploit their text-generation…
New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats
A recent study by researchers from the National University of Singapore and NCS Cyber Special Ops R&D explores how the MITRE ATT&CK framework can be enhanced to address the rapidly evolving landscape of cyber threats. The research synthesizes findings from…
Threat Actors Trojanize Popular Games to Evade Security and Infect Systems
A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games. Exploiting the holiday season’s heightened torrent activity, the attackers distributed compromised game installers via torrent trackers. The campaign, which lasted for a month, primarily…
EagerBee Malware Targets Government Agencies & ISPs with Stealthy Backdoor Attack
A sophisticated cyber espionage campaign leveraging the EagerBee malware has been targeting government agencies and Internet Service Providers (ISPs) across the Middle East. This advanced backdoor malware, attributed to the Chinese-linked threat group CoughingDown, demonstrates cutting-edge stealth capabilities and persistence…
Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions
Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel.…
Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers
A cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12 million users, marking the second major breach for the financial services firm since 2022. The compromised information includes email addresses, phone numbers, names, IP addresses, physical…
BitConnect Scam Exposed as Indian Authorities Seize Illicit Gains
The Directorate of Enforcement (ED) in Ahmedabad has dealt a significant blow to one of history’s largest cryptocurrency frauds, recovering Rs. 1,646 crore (approx. $219 million) in illicit crypto assets linked to the BitConnect Ponzi scheme during coordinated raids on 11 and…
Black-Hat SEO Poisioning Attacks Exploit Indian Government and Financial Websites
A sophisticated black-hat SEO poisoning campaign has compromised over 150 Indian government websites and financial institutions, redirecting millions of users to fraudulent gambling platforms promoting rummy and high-risk “investment” games. The operation, exploits vulnerabilities in government portals (.gov.in) and educational…
WinRAR 7.10 Latest Version Released – What’s New!
The popular file compression and archiving tool, WinRAR 7.10, has released with new features, interface enhancements, and improved performance. WinRAR 7.10 represents a landmark update that modernizes core components while addressing evolving user needs in data management and system security.…
Microsoft Text Services Framework Exploited for Stealthy Persistence
A novel persistence mechanism exploiting Microsoft’s Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining long-term access to compromised systems. While requiring administrative privileges for initial deployment, this technique enables stealthy…
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit
Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations. The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector,…
Juniper Issues Warning About Critical Authentication Bypass Vulnerability
Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over…
ChatGPT Operator Prompt Injection Exploit Leaks Private Data
According to recent findings by cybersecurity researcher Johann Rehberger, OpenAI’s ChatGPT Operator, an experimental agent designed to automate web-based tasks, faces critical security risks from prompt injection attacks that could expose users’ private data. In a demonstration shared exclusively with…