Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…

Read more →

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability The issue arises from improper…

Read more →

Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”).  These malicious PoCs, often disguised as tools to demonstrate the vulnerability’s impact, are designed to trick security researchers and system…

Read more →

The QSC Loader service DLL named “loader.dll” leverages two distinct methods to obtain the path to the Core module code. It either extracts the path from the system directory “drivers\msnet” or reads and deletes a 256-byte path string from the…

Read more →

Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints.  Using Remote Access Software, the fraudsters can then steal credit card information and conduct…

Read more →

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat.  The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such…

Read more →

Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms. Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd). The vulnerability…

Read more →

CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding to propagate malware disguised as an “employee CRM application.” This alarming attack vector begins with a fraudulent email impersonating CrowdStrike’s hiring team, coaxing recipients into…

Read more →

Apple Inc. says its commitment to user privacy, emphasizing that its products, such as the digital assistant Siri, are designed to safeguard personal data from the very beginning and not used for any advertising purpose. “Apple has never used Siri…

Read more →

Walker County Schools has reported that unauthorized access to personal data belonging to students and educators was achieved through the company’s student information system vendor, PowerSchool. Superintendent Damon Raines informed the community about the breach following an email notification from…

Read more →

The International Civil Aviation Organization (ICAO), a United Nations agency responsible for coordinating global aviation standards, has reported a significant information security incident that has exposed the personal data of approximately 42,000 applicants.  The agency is actively investigating the breach,…

Read more →

A new and sophisticated phishing scam has been uncovered, leveraging Microsoft 365 domains to trick users into compromising their PayPal accounts. The attack exploits legitimate-looking sender addresses and URLs, making it harder for victims to recognize the phishing attempt. Security…

Read more →

The malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in a sophisticated attack that compromises the privacy of cybersecurity professionals. A recent investigation by the ThreatBook Research and Response Team revealed that a popular privilege escalation…

Read more →

The Green Bay Packers, Inc. has confirmed that its online merchandise store was hacked, leading to the theft of credit card data from over 8,500 customers. The incident, which occurred on September 23, 2024, was discovered nearly three months later…

Read more →

A Data Leak Site (DLS) belonging to a new extortion group named Morpheus, which has stolen data from Arrotex Pharmaceuticals (Australia) on December 12th and PUS GmbH (Germany) on December 20th.  Morpheus offers stolen data for sale on the DLS,…

Read more →

Malicious packages “solanacore,” “solana login,” and “walletcore-gen” on npmjs target Solana developers with Windows trojans and malware for keylogging and data exfiltration via Slack webhooks and ImgBB APIs. These recently discovered crypto-stealers exhibit unusual transparency, openly revealing their malicious intent…

Read more →

is this website safe? In this digital world, Check a website is safe is the most critical concern since there are countless malicious websites available everywhere over the Internet, and it is tough to find a trustworthy website.  We need…

Read more →

GitLab has announced the release of critical updates to its Community Edition (CE) and Enterprise Edition (EE), specifically versions 17.7.1, 17.6.3, and 17.5.5. These updates are essential for maintaining security and stability across all self-managed GitLab installations and should be…

Read more →

A series of serious vulnerabilities have been identified in Palo Alto Networks’ Expedition migration tool, which could allow attackers to gain unauthorized access to sensitive data, including cleartext passwords and device configurations. The vulnerabilities, detailed in multiple Common Vulnerabilities and…

Read more →

The Wireshark development team announced the release of Wireshark version 4.4.3, a critical update that brings several bug fixes and enhancements to this widely used network protocol analyzer. Renowned for its ability to troubleshoot, analyze, and educate users about network…

Read more →