A recently disclosed security vulnerability in CrushFTP, identified as CVE-2025-2825, has become the target of active exploitation attempts following the release of publicly available proof-of-concept (PoC) exploit code. Shadowserver Foundation, a reputable cybersecurity monitoring organization, disclosed the alarming surge in…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Warns of Cisco Smart Licensing Utility Credential Flaw Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning organizations about a critical vulnerability in Cisco’s Smart Licensing Utility (SLU) software that has reportedly been exploited in cyberattacks. The vulnerability, assigned CVE-2024-20439, stems from a static…
Linux Lite 7.4 Final Released: Enhanced GUI and Bug Fixes
Linux Lite, a popular lightweight Linux distribution aimed at making Linux accessible to beginners, has officially released its Linux Lite 7.4 Final version. This release comes with several incremental updates that improve functionality, address bugs, and refine the user interface, ensuring a…
Hackers Deploy 24,000 IPs to Breach Palo Alto Networks GlobalProtect
A wave of malicious activity targeting Palo Alto Networks PAN-OS GlobalProtect portals has been observed, with nearly 24,000 unique IPs attempting unauthorized access over the past 30 days. This coordinated effort, flagged by cybersecurity firm GreyNoise, highlights the growing sophistication…
Triton RAT Uses Telegram for Remote System Access and Control
Cado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration. This open-source malware, available on GitHub, is designed to execute a wide range of malicious…
DarkCloud: An Advanced Stealer Malware Sold on Telegram to Target Windows Data
DarkCloud, a highly advanced stealer malware, has emerged as a significant threat to Windows systems since its debut in 2022. Initially gaining traction through underground forums, the malware is now widely sold on Telegram, making it accessible to cybercriminals worldwide.…
“Lazarus Hackers Group” No Longer Refer to a Single APT Group But a Collection of Many Sub-Groups
The term “Lazarus Group,” once used to describe a singular Advanced Persistent Threat (APT) actor, has evolved to represent a complex network of sub-groups operating under shared objectives and tactics. This shift reflects the growing scale and diversification of their…
Earth Alux Hackers Use VARGIET Malware to Target Organizations
A new wave of cyberattacks orchestrated by the advanced persistent threat (APT) group Earth Alux has been uncovered, revealing the use of sophisticated malware, including the VARGEIT backdoor, to infiltrate critical industries. Linked to China, Earth Alux has been targeting…
Operation HollowQuill – Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov & Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign…
Konni RAT Exploit Windows Explorer Limitations To Launches a Multi-Stage Attack & Steal Data
Konni RAT, a highly advanced Remote Access Trojan (RAT), has emerged as a significant cybersecurity threat, leveraging Windows Explorer limitations to execute multi-stage attacks. This malware employs a combination of batch files, PowerShell scripts, and VBScript to infiltrate systems, exfiltrate…
Weaponized Zoom Installer Used by Hackers to Gain RDP Access and Deploy BlackSuit Ransomware
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors utilized a trojanized Zoom installer to infiltrate systems, gain remote desktop protocol (RDP) access, and ultimately deploy the BlackSuit ransomware. The operation demonstrates a highly coordinated, multi-stage malware delivery…
Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution
Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the “mu-plugins” (Must-Use plugins) directory. This directory, designed to load plugins automatically without requiring activation, has become an attractive hiding spot for threat actors…
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage,…
Windows 11 Insider Released – Microsoft Removes BypassNRO.cmd Script to Enhance Security
Microsoft has launched Windows 11 Insider Preview Build 26200.5516 to the Dev Channel with exciting new updates, including innovative features and a key security enhancement. Among the major changes is the removal of the widely known BypassNRO.cmd script, a move aimed at bolstering…
A New Microsoft Tool Automatically Detects, Diagnoses, and Resolves Boot Issues in Windows
Microsoft has unveiled a transformational tool aimed at addressing one of the most frustrating challenges in modern computing: boot failures. Aptly named “Quick Machine Recovery,” this new feature automatically detects, diagnoses, and resolves critical system issues that prevent Windows devices…
Beware! A Fake Zoom Installer Drops BlackSuit Ransomware on Your Windows Systems
Cybersecurity analysts have uncovered a sophisticated campaign exploiting a fake Zoom installer to deliver BlackSuit ransomware across Windows-based systems. The attack, documented by DFIR experts, highlights how threat actors are leveraging popular software to deceive unsuspecting victims into installing malware…
Linux Distribution Nitrux3.9.1 Releaed – What’s New
Nitrux Linux, renowned for its innovative approach to desktop computing, has unveiled its latest release, Nitrux 3.9.1, codenamed “mk.” This distribution, rooted in Ubuntu and utilizing Nomad as its desktop environment, brings substantial updates to its framework, apps, and system. Designed…
CrushFTP Vulnerability Lets Hackers Bypass Security and Seize Server Control
A newly disclosed authentication bypass vulnerability (CVE-2025-2825) in CrushFTP file transfer software enables attackers to gain complete control of servers without valid credentials. The vulnerability affects versions 10.0.0 through 11.3.0 of the popular enterprise file transfer solution, exposing organizations to…
Hackers Distributing Phishing Malware Via SVG Format To Bypass File Detection
Cybersecurity experts at the AhnLab Security Intelligence Center (ASEC) have uncovered a novel phishing malware distribution method leveraging the Scalable Vector Graphics (SVG) file format to bypass detection mechanisms. SVG, an XML-based vector image format widely used for icons, logos,…
Chinese Lotus Blossom Hackers leverages Windows Management Instrumentation for Network Movement
The Chinese Advanced Persistent Threat (APT) group known as Lotus Blossom, also referred to as Billbug, Thrip, or Spring Dragon, has intensified its cyber-espionage operations by employing advanced techniques, including the use of Windows Management Instrumentation (WMI) for lateral movement…