Silent Push, a cybersecurity research firm, has introduced the term “infrastructure laundering” to describe a sophisticated method used by cybercriminals to exploit legitimate cloud hosting services for illegal purposes. This practice involves renting IP addresses from mainstream providers like Amazon…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New Phishing Attack Hijacks High-Profile X Accounts to Promote Scam Sites
A new wave of phishing attacks has been identified, targeting high-profile accounts on the social media platform X (formerly Twitter). This campaign, analyzed by SentinelLABS, aims to hijack accounts belonging to prominent individuals and organizations, including U.S. political figures, international…
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
In an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and…
New 0-Day Vulnerability in Arm Mali GPU Kernel Driver Exploited in the Wild
On February 3, 2025, Arm disclosed a vulnerability in the Mali GPU Kernel Driver that allows improper GPU processing operations. This issue affects Valhall GPU Kernel Driver versions ranging from r48p0 to r49p1 and r50p0 to r52p0, as well as…
Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files
FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users. Over the past month, researchers have identified malicious LNK files employing PowerShell commands to execute scripts and connect to remote servers,…
CryptoDNA: AI-Powered Cryptojacking Defense Against DDoS Threats in Healthcare IoT
The integration of Internet of Things (IoT) and Internet of Medical (IoM) devices has revolutionized healthcare, enabling real-time monitoring, remote diagnostics, and data-driven decision-making. However, these advancements have also introduced significant cybersecurity vulnerabilities, particularly Distributed Denial-of-Service (DDoS) attacks. These attacks…
Microsoft Introduces AI-Generated Team Avatars for Personalization
Tech giant Microsoft has unveiled a groundbreaking feature for its Microsoft Teams platform: AI-generated avatars designed to revolutionize meeting personalization. This innovative feature allows users to represent themselves in meetings as digital avatars, offering a dynamic alternative to traditional video…
Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users
Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that exposed the personal and health-related information of over 850,000 users. The company disclosed the incident in a recent filing with the U.S. Securities and Exchange Commission…
Linux 6.14 Released – What’s New
The Linux Kernel 6.14-rc1 (release candidate 1) has been officially announced by Linus Torvalds, marking the conclusion of the merge window. Described as notably “tiny” compared to previous release cycles, this development reflects the impact of the holiday season on…
PyPl Added Project Archival To Stop Attackers to Weaponize Malicious Packages
The Python Package Index (PyPI) has introduced a new feature that allows maintainers to mark projects as archived, signaling that the project is no longer actively maintained or expected to receive updates. This marks a significant step forward in supporting…
NVIDIA GPU Display Drivers Vulnerability Lets Attackers Access Files Remotely
NVIDIA has issued a critical security update to address multiple vulnerabilities in its GPU Display Driver and vGPU software, affecting both Windows and Linux systems. These vulnerabilities, disclosed in January 2025, pose risks such as denial of service (DoS), data…
APT37 Hackers Exploit Group Chats to Deliver Malicious LNK Files
In 2024, South Korea witnessed an alarming surge in Advanced Persistent Threat (APT) attacks, with the state-sponsored APT37 group emerging as a significant threat actor. Leveraging sophisticated techniques, the group targeted individuals and organizations through malicious Hancom Office HWP documents…
INDOHAXSEC Hacker Group Allegedly Breaches Malaysia’s National Tuberculosis Registry
The Indonesian hacker group “INDOHAXSEC” has allegedly breached the National Tuberculosis Registry (NTBR) of Malaysia, managed by the Ministry of Health. The group announced their claim via a post on a hacking forum, stirring fears over the safety of sensitive…
Devil-Traff: Emerging Malicious SMS Platform Powering Phishing Attacks
In the ever-evolving landscape of cybercrime, bulk SMS platforms like Devil-Traff have emerged as powerful tools for phishing campaigns, exploiting trust and compromising security on a massive scale. Employees in organizations today face an increasing volume of communications emails, instant…
ChatGPT’s Deep Research Breakthrough Enables Faster-Than-Human Task Handling
OpenAI has introduced “Deep Research,” a cutting-edge feature within ChatGPT that promises to revolutionize the way people handle complex and time-intensive tasks. Designed to synthesize vast amounts of information from the web in mere minutes, Deep Research aims to outperform…
Parrot 6.3 Release, What’s New
The cybersecurity realm received an exciting update this week with the release of Parrot 6.3, the latest version of the Parrot Security operating system. As one of the most trusted Linux distributions tailored for ethical hackers, penetration testers, and security researchers,…
Alibaba Cloud Storage Flaw Exposes Data to Unauthorized Uploads
A significant vulnerability has been discovered in the Alibaba Cloud Object Storage Service (OSS) that allows unauthorized users to upload data, posing critical security risks for organizations relying on this cloud solution. The vulnerability, caused by the misconfiguration of the…
BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised
BeyondTrust, a leading provider of identity and access management solutions, disclosed a zero-day breach impacting 17 Remote Support SaaS customers. The incident, detected on December 5, 2024, has been linked to the compromise of an infrastructure API key used to…
Microsoft Advertisers Account Hacked Using Malicious Google Ads
Cybersecurity experts have uncovered a sophisticated phishing campaign targeting Microsoft advertising accounts. The attack, orchestrated through malicious Google Ads, aims to steal login credentials of users accessing Microsoft’s advertising platform. This incident highlights the growing risk of malvertising, where cybercriminals…
Cybercriminals Exploit GitHub Infrastructure to Distribute Lumma Stealer
In a recent investigation, Trend Micro’s Managed XDR team identified a sophisticated malware campaign exploiting GitHub’s release infrastructure to distribute Lumma Stealer, along with SectopRAT, Vidar, and Cobeacon malware. This campaign underscores the evolving tactics of attackers leveraging trusted platforms…