A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising major concerns for both PC and PlayStation 5 players. The exploit, discovered by a security researcher, enables attackers to remotely take control of devices on the…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Penetration Testers Arrested During Approved Physical Penetration Testing
A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed police officers arrested two security experts during a simulated breach of a corporate office in Malta. Physical penetration testing is a critical component of cybersecurity…
Massive Brute Force Attack Launched With 2.8 Million IPs To Hack VPN & Firewall Logins
Massive brute force attacks targeting VPNs and firewalls have surged in recent weeks, with cybercriminals using as many as 2.8 million unique IP addresses daily to conduct relentless login attempts. The Shadowserver Foundation, a nonprofit cybersecurity organization, has confirmed this…
Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network
Sensitive credentials from Cisco’s internal network and domain infrastructure were reportedly made public due to a significant data breach. According to a Cyber Press Research report, the new Kraken ransomware group has allegedly leaked a dataset on their dark web…
Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data
Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform, have raised alarm in the cybersecurity community. Security researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts. With…
Linux Kernel 6.14-rc2 Released – What’s Newly Added !
Linus Torvalds, lead developer of the Linux kernel, announced the second release candidate (rc2) of Linux Kernel 6.14, providing developers and enthusiasts with a glimpse at the latest updates and fixes in the kernel’s development cycle. The announcement was made…
Tor Browser 14.0.6 Released, What’s New!
The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the Tor Browser download page and its distribution directory. The latest update introduces critical fixes and enhancements, ensuring a smoother and more secure browsing experience for users. Here’s a detailed…
Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released
A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their…
UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access
United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all encrypted content stored in its iCloud service. The demand, issued under the U.K.’s controversial Investigatory Powers Act of 2016, has raised alarm among privacy advocates and…
Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks
Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is transmitted by focusing on the meaning of data rather than raw content. Unlike traditional communication methods, these systems encode semantic features such as text, images, or…
Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity
Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning and automation capabilities to simulate sophisticated cyberattacks. Recent research demonstrates how autonomous LLM-driven systems can effectively perform assumed breach simulations in enterprise environments, particularly targeting Microsoft…
Cybercriminals Target IIS Servers to Spread BadIIS Malware
A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS) servers by threat actors deploying the BadIIS malware. This campaign, attributed to Chinese-speaking groups, leverages IIS vulnerabilities to manipulate search engine optimization (SEO) rankings and…
Hackers Leveraging Image & Video Attachments to Deliver Malware
Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques like steganography and social engineering. These methods allow attackers to embed malicious code within seemingly harmless multimedia files, bypassing traditional security measures and deceiving unsuspecting users.…
Microsoft Sysinternals 0-Day Vulnerability Enables DLL Injection Attacks on Windows
A critical zero-day vulnerability has been discovered in Microsoft Sysinternals tools, posing a serious security threat to IT administrators and developers worldwide. The vulnerability enables attackers to exploit DLL injection techniques to execute malicious code, putting systems at risk of compromise. Despite being disclosed…
Ghidra 11.3 Released – A Major Update to NSA’s Open-Source Tool
The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework. Known for its robust capabilities in analyzing compiled code across multiple platforms, including Windows, macOS, and Linux, this release…
New Scareware Attack Targeting Mobile Users to Deploy Malicious Antivirus Apps
A new wave of scareware attacks has emerged, targeting unsuspecting mobile users with fake antivirus applications designed to exploit fear and trick victims into downloading malicious software. Scareware, a type of digital fraud, employs social engineering tactics to alarm users…
7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers…
Logsign Vulnerability Allows Remote Attackers to Bypass Authentication
A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability tracked as CVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the “Critical” severity…
Hackers Exploit DeepSeek & Qwen AI Models for Malware Development
Check Point Research (CPR) has revealed that cybercriminals are increasingly leveraging the newly launched AI models, DeepSeek and Qwen, to create malicious content. These models, which lack robust anti-abuse provisions, have quickly become a preferred choice for threat actors over…
Developers Beware! Malicious ML Models Found on Hugging Face Platform
In a concerning development for the machine learning (ML) community, researchers from ReversingLabs have uncovered malicious ML models on the Hugging Face platform, a popular hub for AI collaboration. Dubbed “nullifAI,” this novel attack method leverages vulnerabilities in the widely…