A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and steal authentication tokens. Researchers have demonstrated how subtle discrepancies in URL processing can trick a…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5). Multiple flaws in Schneider Electric Modicon M340 controllers (CVSS v4…
Critical Chrome Use-After-Free Flaw Enables Arbitrary Code Execution
Google has released an urgent security update for the Chrome Stable channel to address a critical use-after-free vulnerability in the ANGLE graphics library that could allow attackers to execute arbitrary code on vulnerable systems. The fixes arrive as part of Chrome Stable…
Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the…
Citrix NetScaler ADC and Gateway Hit by Ongoing Attacks Exploiting 0-Day RCE
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, present severe security risks including remote code execution and denial of service capabilities.…
New ZipLine Campaign Targets Critical Manufacturing Firms with In-Memory MixShell Malware
Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims’ own “Contact Us” web forms to initiate seemingly legitimate business communications. Targeting primarily U.S.-based manufacturing companies in supply chain-critical sectors,…
APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files
Researchers have unveiled ONEFLIP, a novel inference-time backdoor attack that compromises full-precision deep neural networks (DNNs) by flipping just one bit in the model’s weights, marking a significant escalation in the practicality of hardware-based attacks on AI systems. Unlike traditional…
Threat Actors Leverage AI Agents to Conduct Social Engineering Attacks
Cybersecurity landscapes are undergoing a paradigm shift as threat actors increasingly deploy agentic AI systems to orchestrate sophisticated social engineering attacks. Unlike reactive generative AI models that merely produce content such as deepfakes or phishing emails, agentic AI exhibits autonomous…
China-Based Threat Actor Mustang Panda’s TTPs Leaked
A significant milestone for cybersecurity experts is the disclosure of specific tactics, methods, and procedures (TTPs) used by Mustang Panda, an advanced persistent threat (APT) group based in China, which has illuminated their intricate activities. First observed in 2017 but…
Securden Unified PAM Flaw Allows Attackers to Bypass Authentication
Securden Unified PAM is a comprehensive privileged access management platform that is used to store, manage, and monitor credentials across human, machine, and AI identities in a variety of environments. Security researchers discovered four critical vulnerabilities in this platform during…
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses…
Google Introduces Enhanced Developer Verification for Play Store App Distribution
Google has announced that all Android apps installed on approved devices will soon need to be able to be traced back to a verified developer identity in an effort to combat the growing wave of financial fraud operations and mobile…
OneFlip Attack Backdoors AI Systems by Flipping a Single Bit in Neural Networks
CYFIRMA researchers have uncovered a campaign they have codenamed “OneFlip”, an operation that demonstrates how a single-bit modification inside a seemingly benign file can be enough to re-pivot a neural-network-driven security workflow and open a backdoor on the underlying host.…
Weaponized PuTTY Delivered via Malicious Bing Ads Targets Kerberos and Active Directory Services
Cybersecurity incidents increasingly exploit human vulnerabilities, including those of privileged users, as demonstrated in recent compromises involving trojanized versions of the PuTTY SSH client distributed through malvertising on Microsoft’s Bing search engine. LevelBlue’s Managed Detection and Response (MDR) Security Operations…
PoC Exploit Published for Chrome 0-Day Already Under Active Attack
A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as CVE-2025-5419, stems from out-of-bounds reads and…
Microsoft Launches Tool to Migrate VMware VMs From vCenter to Hyper-V
Microsoft today announced the public preview of a new VM Conversion extension for Windows Admin Center, enabling IT administrators to migrate virtual machines from VMware vCenter to Hyper-V with minimal downtime. Available at no cost during its preview phase, the lightweight tool…
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating…
PhpSpreadsheet Library Vulnerability Lets Attackers Inject Malicious HTML Input
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS…
CISA Alerts on Git Arbitrary File Write Flaw Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The flaw arises from Git’s inconsistent handling…
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated…