Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Researchers observed a URL attempts to exploit a server-side vulnerability by executing multiple commands through PHP’s system() function. It downloads a malicious executable from a remote server, executes it locally, and attempts to download the same executable using wget while…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of critical vulnerabilities in various software, particularly spotlighting an unspecified vulnerability in Oracle WebLogic Server. This announcement comes as part of CISA’s efforts to enhance…

Read more →

Casio Computer Co., Ltd. has confirmed a significant cybersecurity breach after its servers were targeted in a sophisticated ransomware attack. The incident, which occurred on October 5, prompted an immediate forensic investigation involving external security specialists. Casio deeply regrets any…

Read more →

Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites.  By seamlessly integrating with Telegram, PhishWP facilitates…

Read more →

Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript, Python, and Ruby packages. OAST tools, initially designed for ethical researchers to perform network interactions, can…

Read more →

FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate Android devices.   It is Android malware disguised as a fake…

Read more →

The Kaspersky researchers investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs and government entities of novel components, including a service injector that injects the backdoor into running services.  Post-installation, EAGERBEE deploys plugins with diverse functionalities as…

Read more →

A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering emails with embedded links to a ConnectWise Remote Access Trojan (RAT) installer.  These emails, disguised as updated benefits statements, employed various techniques, including mismatched links…

Read more →

The January 2025 Android Security Bulletin has issued important updates regarding critical vulnerabilities that affect Android devices. Users are urged to ensure their devices are updated to the latest security patch level, which as per the bulletin, should be 2025-01-05…

Read more →

India has unveiled its draft Digital Personal Data Protection Rules, designed to operationalize the Digital Personal Data Protection Act, 2023 (DPDP Act). As the nation strides forward in the digital age, these rules are pivotal in creating a framework that…

Read more →

Hackers have successfully infiltrated Argentina’s Airport Security Police (PSA) payroll system, raising alarms about the safety of sensitive personnel information. This incident has revealed significant vulnerabilities in employee data management, as attackers accessed confidential salary records and tampered with pay…

Read more →

Cybercrimes have always existed as a result of internet usage in our society. Traversing the wide web, hackers are trying to exploit any nooks and crannies in the system. While many new types of crimes are arising on the internet,…

Read more →

An alarming new development emerged in the cybersecurity landscape with the release of a proof-of-concept (PoC) exploit targeting the critical vulnerability identified as CVE-2024-6387. This vulnerability, discovered by researchers at Qualys, allows remote unauthenticated attackers to execute arbitrary code on…

Read more →

The popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers. However, after significant scrutiny, the legitimate version has been…

Read more →

A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw allows unauthenticated attackers to exploit a PHP Object Injection vulnerability through deserialization of untrusted input.…

Read more →

A recent blog post by developer Jeff Johnson has brought to light a new feature in Apple’s Photos app within the recently launched iOS 18. Titled “Enhanced Visual Search,” this toggle permits iPhones to transmit photo data to Apple by…

Read more →

BARWM, a novel backdoor attack approach for real-world deep learning (DL) models deployed on mobile devices. Existing backdoor attacks often suffer from limitations such as altering the model structure or relying on easily detectable, sample-agnostic triggers.  By utilizing DNN-based steganography…

Read more →

An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption.  The effectiveness of this attack is, however, limited because the…

Read more →

The Python script leverages low-level interactions with the Windows operating system, which imports crucial libraries like `System.Reflection`, `ctypes`, and `wintypes`, enabling it to directly invoke Windows APIs.  It allows the script to manipulate system behavior at a fundamental level, potentially…

Read more →

The researcher proposes a game-theoretic approach to analyze the interaction between the model defender and attacker in trigger-based black-box model watermarking.  They design payoff functions for both players and determine the optimal strategies for each player, which provides a theoretical…

Read more →