Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web applications, allow attackers to bypass security controls, steal data, and compromise servers. Email input fields…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveraging fake helpdesk-themed domains to impersonate legitimate businesses and steal sensitive data.…
Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis
A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft’s WinDbg, dramatically simplifying Windows crash dump analysis. For decades, debugging Windows crash dumps has been a labor-intensive task. Engineers have been stuck manually entering cryptic commands like !analyze -v and…
SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control
Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the “SonicBoom Attack Chain,” which allows hackers to bypass authentication and seize administrative control over SonicWall Secure Mobile Access (SMA) appliances. This attack leverages a combination of recently disclosed vulnerabilities,…
Apache Parquet Java Vulnerability Enables Remote Code Execution
A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw, disclosed by Apache Parquet contributor Gang Wu on May 2, 2025, impacts versions up to…
NCSC Warns of Ransomware Attacks Targeting UK Organisations
National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director,…
Claude AI Abused in Influence-as-a-Service Operations and Campaigns
Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of adversarial operations, most notably a financially motivated “influence-as-a-service” campaign. This operation leveraged Claude’s advanced language capabilities to manage over 100 social media bot accounts across…
Threat Actors Attacking U.S. Citizens Via Social Engineering Attack
As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs. Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics,…
TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise
Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious financially motivated threat actor Golden Chickens, also known as Venom Spider. Active between January and April 2025, these tools signal a persistent evolution in the…
MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques
MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in the arsenal of multiple threat actors, including the notorious TAG-124 (LandUpdate808) and SocGholish groups. This malware, identified in phishing and drive-by download campaigns, employs advanced…
Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy…
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to…
New StealC V2 Upgrade Targets Microsoft Installer Packages and PowerShell Scripts
StealC, a notorious information stealer and malware downloader first sold in January 2023, has rolled out its version 2 (V2) in March 2025 with sophisticated enhancements. This latest iteration introduces a range of new capabilities, focusing on advanced payload delivery…
Subscription-Based Scams Targeting Users to Steal Credit Card Information
Cybersecurity researchers at Bitdefender have identified a significant uptick in subscription-based scams, characterized by an unprecedented level of sophistication and scale. These fraudulent operations, involving over 200 meticulously crafted websites, are designed to deceive users into divulging sensitive credit card…
Hackers Weaponize Go Modules to Deliver Disk‑Wiping Malware, Causing Massive Data Loss
Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in April 2025. Hackers have weaponized three malicious Go modules-github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy-to deploy devastating disk-wiping malware. Leveraging the decentralized nature of Go’s module system, where…
RansomHub Taps SocGholish: WebDAV & SCF Exploits Fuel Credential Heists
SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering payloads like Cobalt Strike and, more recently, RansomHub ransomware. Darktrace’s Threat Research team has tracked multiple incidents since January 2025, where threat actors exploited SocGholish…
Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives
North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide. Security experts revealed at the RSAC 2025 Conference that the infiltration…
State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts:…
Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications
Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy a stealthy NodeJS backdoor. The attack, part of the broader KongTuke campaign, leverages compromised websites to distribute malicious JavaScript that ultimately deploys advanced remote access…
Tsunami Malware Surge: Blending Miners and Credential Stealers in Active Attacks
Security researchers have recently discovered a sophisticated malware operation called the “Tsunami-Framework” that combines credential theft, cryptocurrency mining, and potential botnet capabilities. The framework employs advanced evasion techniques to bypass security measures and maintain persistent access to infected systems. Analysis…