Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass Apple’s System Integrity Protection (SIP). Known as CVE-2024-44243, this vulnerability could be exploited to load third-party kernel extensions, resulting in severe security implications for macOS users.…

Read more →

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new step-by-step guide designed to help organizations select and deploy secure operational technology (OT) products. The guide, titled “Secure by Demand:…

Read more →

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected users from accessing certain M365 applications, raising concerns for businesses…

Read more →

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims.  The attackers leverage social engineering tactics, often claiming imminent password expiration,…

Read more →

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server.  Evidence suggests…

Read more →

A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498. This vulnerability poses a significant security risk by allowing malicious applications to bypass the macOS Sandbox, a key security feature designed to isolate…

Read more →

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches. The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information. IBM has released a security bulletin detailing the…

Read more →

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…

Read more →

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging.  Password protection and encoding techniques further complicate analysis and evade early sandbox detection.…

Read more →

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database.  On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages.…

Read more →

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…

Read more →

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability The issue arises from improper…

Read more →

Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”).  These malicious PoCs, often disguised as tools to demonstrate the vulnerability’s impact, are designed to trick security researchers and system…

Read more →

The QSC Loader service DLL named “loader.dll” leverages two distinct methods to obtain the path to the Core module code. It either extracts the path from the system directory “drivers\msnet” or reads and deletes a 256-byte path string from the…

Read more →

Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints.  Using Remote Access Software, the fraudsters can then steal credit card information and conduct…

Read more →

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat.  The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such…

Read more →

Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms. Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd). The vulnerability…

Read more →

CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding to propagate malware disguised as an “employee CRM application.” This alarming attack vector begins with a fraudulent email impersonating CrowdStrike’s hiring team, coaxing recipients into…

Read more →

Apple Inc. says its commitment to user privacy, emphasizing that its products, such as the digital assistant Siri, are designed to safeguard personal data from the very beginning and not used for any advertising purpose. “Apple has never used Siri…

Read more →

Walker County Schools has reported that unauthorized access to personal data belonging to students and educators was achieved through the company’s student information system vendor, PowerSchool. Superintendent Damon Raines informed the community about the breach following an email notification from…

Read more →