Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed to improve vulnerability management. The proposed Likely Exploited Vulnerabilities (LEV) metric aims to enhance organizations’…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used by large enterprises, service providers, and government entities. Despite responsible disclosure efforts over a 90-day period, these vulnerabilities remain unpatched,…
Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition
Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws in the RADIUS message processing feature. The vulnerability, which was discovered during…
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks
GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7…
Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner. This malware leverages the PyBitmessage library, a Python implementation of the Bitmessage protocol, to establish covert peer-to-peer (P2P) communications.…
Hackers Target Coinbase Users in Advanced Social Engineering Hack
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025. Reports from on-chain investigator Zach reveal that over $300 million is stolen annually through these meticulously coordinated attacks, with a staggering $45 million lost…
New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes
Researchers revealed that this method exploits shared memory regions and thread context manipulation to execute malicious payloads without triggering standard detection heuristics. A novel process injection technique leveraging execution-only primitives has demonstrated the ability to bypass leading Endpoint Detection and Response (EDR)…
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
A vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specially crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND DNS server process) to terminate unexpectedly with an assertion failure when…
Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites
A high-severity cross-site scripting (XSS) vulnerability has been discovered in Grafana, prompting the immediate release of security patches across all supported versions. The vulnerability (CVE-2025-4123) enables attackers to redirect users to malicious websites where arbitrary JavaScript code can be executed.…
ThreatBook Recognized as a Notable Vendor in Global Network Analysis and Visibility (NAV) Report
ThreatBook, a global leader in cyber threat and response solutions backed by threat intelligence and AI, has been recognized as a notable vendor in Forrester’s Network Analysis And Visibility Solutions Landscape, Q2 2025 report. This marks a major milestone in ThreatBook’s…
Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees
According to ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll fraud against a manufacturing sector customer. This deceptive strategy involves crafting fake authentication portals that mirror legitimate organizational login pages, manipulating search engine results to…
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to…
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam. This attack, which redirects users to sites like hxxps://xjdm166[.]com, leverages the unique capabilities of PWAs…
71 Fake Websites Impersonating German Retailer to Steal Payment Information
Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer, with lidlorg[.]com identified as the central node of this scam operation. First detected on April 19,…
PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram
A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive data such as web browser passwords and application session tokens. First observed in the wild around…
Windows 11 Introduces Enhanced Administrator Protection to Strengthen Security Against Elevated Privilege Attacks
Microsoft has unveiled Administrator Protection, a groundbreaking security feature for Windows 11 designed to safeguard systems against privilege escalation attacks. This new capability creates a security boundary around administrative operations, significantly reducing the attack surface that hackers exploit when targeting…
New Scan Uncovers 150K Industrial Systems Worldwide Vulnerable to Cyberattacks
A groundbreaking study leveraging advanced application-layer scanning has exposed approximately 150,000 industrial control systems (ICS) worldwide that are directly accessible on the public internet, posing severe risks of catastrophic cyberattacks. Conducted over a year from January 2024 to January 2025,…
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10 released…
19-Year-Old Hacker Admits Guilt in Major Cyberattack on PowerSchool
A Massachusetts college student stands accused of orchestrating a sweeping cyberattack on PowerSchool, a widely used educational software provider, resulting in the theft of confidential data from millions of students and teachers. The accused, Matthew D. Lane, age 19, has agreed…
IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials
According to IBM X-Force’s 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend, continuing for the second consecutive year, highlights a shift in threat actor strategies, moving away…