Microsoft has taken a significant step toward enhancing cybersecurity by introducing a new phishing attack protection feature for Microsoft Teams. The feature aims to safeguard users from brand impersonation in chats initiated by external domains, a common tactic used by…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Apple Security Update – Patch for iOS Zero-day, MacOS & More
Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation. The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment…
New Phishing Scam Targets Amazon Prime Membership to Steal Credit Card Data
A recent investigation has uncovered a sophisticated phishing campaign leveraging malicious PDF files to redirect unsuspecting users to fake Amazon-branded phishing websites. Researchers from Unit 42 reported that this campaign utilizes PDFs containing embedded links as an initial lure to…
Hackers Use Hidden Text Salting to Bypass Spam Filters and Evade Detection
In the latter half of 2024, Cisco Talos identified a significant increase in email threats leveraging “hidden text salting,” also referred to as HTML poisoning. This deceptive yet effective technique enables cybercriminals to bypass email parsers, confuse spam filters, and…
New Hacker Group Using 7z & UltraVNC Tool to Deploy Malware Evading Detection
A sophisticated cyber campaign targeting Russian-speaking entities has been identified by cybersecurity researchers, unveiling a deceptive operation imitating the Tactics, Techniques, and Procedures (TTPs) of the Gamaredon APT group. The attackers believed to be part of the GamaCopy group, exploited…
Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices
In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering…
Stratoshark – A New Wireshark Tool Released for Cloud
The masterminds behind the revolutionary network analyzer Wireshark have unveiled a new tool, Stratoshark, designed to bring their proven methodology to system call analysis. Marking over 25 years since Wireshark’s inception, this latest development continues the legacy of democratizing complex…
Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access
A critical authentication vulnerability in Fortinet’s FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks. Threat actors have exploited this vulnerability to gain super-admin privileges, bypassing the authentication mechanism, and compromising devices globally. Cybersecurity experts warn organizations using…
Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows
A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access.…
Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft
IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator and IBM Security Verify Directory Integrator products. The vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, expose users to various risks, including sensitive…
White House Considers Oracle-Led Takeover of TikTok with U.S. Investors
In a significant development, the Trump administration is reportedly formulating a plan to prevent a nationwide ban on TikTok, involving Oracle and a consortium of private investors. Under the proposed arrangement, ByteDance, TikTok’s Chinese parent company, would retain a minority…
Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data
Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance…
GitHub Vulnerability Exposes User Credentials via Malicious Repositories
A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a…
Burp Suite 2025.1 Released, What’s New!
Burp Suite 2025.1, is packed with new features and enhancements designed to improve your web application testing workflow. This latest version brings exciting upgrades like auto-pausing Burp Intruder attacks based on response content, exporting Collaborator interactions to CSV, highlighting Content-Length…
New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials
Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving…
Chrome Security Update – Patch for 3 High-Severity Vulnerabilities
Google has released a critical update for the Chrome browser, addressing three high-severity security vulnerabilities. This patch, part of the latest Stable channel release, ensures users remain protected from potential threats. The new version rolled out progressively, underscores Chrome’s commitment…
Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access
A critical security vulnerability (CVE-2024-52012) affecting Apache Solr instances on Windows has been identified, allowing attackers to gain arbitrary file path write access using the “configset upload” API. The flaw, categorized as a relative path traversal vulnerability, poses a moderate…
LockBit Ransomware: 11-Day Timeline from Initial Compromise to Deployment
A well-coordinated cyber intrusion, spanning 11 days, culminated in the deployment of LockBit ransomware across a corporate environment. The attack, which began with the execution of a malicious file posing as a Windows Media Configuration Utility, displayed a sophisticated playbook…
Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices
A recent cybersecurity attack involving a Trojanized version of the XWorm Remote Access Trojan (RAT) builder has compromised over 18,000 devices worldwide. This sophisticated malware, primarily distributed via GitHub repositories, Telegram channels, and other platforms, has targeted cybersecurity novices, also…
New SCAVY Framework to Detect Memory Corruption Privilege Escalation in Linux Kernel
A breakthrough framework named SCAVY has been introduced to proactively detect memory corruption targets that could potentially lead to privilege escalation in the Linux kernel. Presented at the prestigious USENIX Security Symposium in August 2024, the framework aims to address long-standing gaps…