Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and…

Read more →

Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack. This vulnerability tracked as CVE-2024-6333, poses a significant risk, fully allowing attackers with administrative web credentials to…

Read more →

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges. The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco…

Read more →

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…

Read more →

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →

Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…

Read more →

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…

Read more →

Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…

Read more →

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…

Read more →

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…

Read more →

Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The…

Read more →

Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system.  These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…

Read more →

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…

Read more →

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities.  An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election.…

Read more →

Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner…

Read more →

A sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operation Endgame,…

Read more →

The Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident…

Read more →

Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,”…

Read more →