Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of such attachments in business correspondence. Despite…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks
A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deploying Firebase-hosted phishing pages that…
Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies
Researchers have discovered a complex campaign using trojanized software that uses authentic code-signing certificates to avoid detection and turn compromised machines into unintentional residential proxies, according to a recent threat intelligence notice from Expel Security. The operation begins with files…
High-Severity Mozilla Flaws Allow Remote Code Execution
Mozilla has released Firefox 142 to address multiple critical security vulnerabilities that could enable remote attackers to execute arbitrary code on affected systems. The Mozilla Foundation Security Advisory 2025-64, announced on August 19, 2025, details nine distinct vulnerabilities ranging from…
Kali Vagrant Rebuilt Released with Pre-Configured Command-Line VMs
Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating pre-configured command-line accessible VMs. This strategic shift unifies Kali’s VM building infrastructure while introducing new…
FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices
The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors affiliated with the Russian Federal Security Service’s (FSB) Center 16. This unit, recognized in cybersecurity…
Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial System Configs
Static Tundra, a Russian state-sponsored threat actor connected to the FSB’s Center 16 unit, has been responsible for a sustained cyber espionage effort, according to information released by Cisco Talos. Operating for over a decade, this group specializes in compromising…
Microsoft 365 Adds New Feature for Admins to Manage Link Creation Policies
Microsoft announced on August 20, 2025, a significant enhancement to its Microsoft 365 administrative capabilities with the introduction of new tenant-level controls for managing org-wide sharing links for user-built Copilot agents. This feature, scheduled for general availability in mid-September 2025,…
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model, COOKIE SPIDER rents out this…
Commvault Backup Suite Flaws Allow Attackers to Breach On-Premises Systems
Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution and compromise on-premises infrastructure. The flaws, discovered by Watchtowr Labs, represent a significant threat to…
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users…
QUIC-LEAK Vulnerability Allows Attackers to Drain Server Memory and Cause DoS
Security researchers at Imperva have disclosed a critical pre-handshake memory exhaustion vulnerability in the widely-used LSQUIC QUIC implementation that enables remote attackers to crash servers through denial-of-service attacks. The flaw, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” bypasses standard QUIC connection-level protections…
New Campaign Uses Active Directory Federation Services to Steal M365 Credentials
Researchers at Push Security have discovered a new phishing campaign that targets Microsoft 365 (M365) systems and uses Active Directory Federation Services (ADFS) to enable credential theft. This attack vector exploits Microsoft’s authentication redirect mechanisms, effectively turning a legitimate service…
MITM6 + NTLM Relay Attack Enables Full Domain Compromise
Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organizations leave unchanged. Attack Leverages Default Windows IPv6 Behavior The…
22-year-old Operator of ‘Rapper Bot’ Botnet Charged for Launching 3 Tbps DDoS Attack
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges…
Operator of ‘Rapper Bot’ DDoS Botnet Faces Charges
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges…
CISA Issues Four ICS Advisories on Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infrastructure systems. These advisories provide essential information for administrators and…
Apple Confirms Critical 0-Day Under Active Attack – Immediate Update Urged
Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, released on August 20, 2025,…
Critical Flaw in Apache Tika PDF Parser Exposes Sensitive Data to Attackers
A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wide range of Apache Tika deployments…
PromptFix Exploit Forces AI Browsers to Execute Hidden Malicious Commands
Cybersecurity researchers have uncovered critical vulnerabilities in AI-powered browsers that allow attackers to manipulate artificial intelligence agents into executing malicious commands without user knowledge, introducing what experts are calling a new era of “Scamlexity” in digital security threats. The research,…