Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center software that could allow unauthenticated attackers to remotely execute shell commands with elevated privileges. The flaw, tracked as CVE-2025-20265, carries a maximum CVSS score of 10.0 and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Ransomware Actors Combine Legitimate Tools with Custom Malware to Evade Detection
Operators behind the Crypto24 strain are employing highly coordinated, multi-stage attacks that blend legitimate system tools with bespoke malware to infiltrate networks, maintain persistence, and evade endpoint detection and response (EDR) systems. According to detailed analysis from Trend Micro researchers,…
Threat Actors Leverage CrossC2 to Extend Cobalt Strike to Linux and macOS
JPCERT/CC verified a number of events in which threat actors were seen using CrossC2, an unofficial extension tool that creates Cobalt Strike Beacons that work with Linux and macOS. This campaign, which targeted Active Directory (AD) infrastructures, involved the use…
PS1Bot: Multi-Stage Malware Framework Targeting Windows Systems
Cisco Talos researchers have uncovered an aggressive malware campaign active since early 2025, deploying a sophisticated multi-stage framework dubbed PS1Bot, primarily implemented in PowerShell and C#. This threat actor leverages malvertising and SEO poisoning to distribute compressed archives with file…
New NFC-Based PhantomCard Malware Targets Android Banking Users
ThreatFabric analysts have uncovered PhantomCard, a sophisticated NFC-based Trojan designed to relay sensitive card data from victims’ devices to cybercriminals. This malware, which primarily targets banking customers in Brazil but shows potential for global expansion, exemplifies the growing interest among…
Google Mandates License or Certification for Crypto App Developers
The cryptocurrency ecosystem is experiencing heightened scrutiny from both regulatory authorities and criminal organizations, as Google Play implements stringent publishing requirements for crypto applications while the FBI warns of sophisticated recovery scams targeting previous fraud victims. These developments highlight the…
Threat Actors Use Advanced Tactics to Personalize Phishing for Malware Delivery
Threat actors are using topic customization as a more advanced strategy in targeted malware-delivery phishing campaigns as the environment of cyber threats changes. This method involves crafting personalized subject lines, attachment names, and embedded links to mimic authentic communications, fostering…
Hackers Exploit Microsoft Flaw to Breach Canadian House of Commons to Gain Unauthorized Access
The Canadian House of Commons has fallen victim to a significant cyberattack orchestrated by an unidentified “threat actor” who successfully exploited a recent Microsoft vulnerability to access sensitive government employee data. The incident, which occurred on Friday, August 9, 2025,…
Qilin Ransomware Dominates July with Over 70 Claimed Victims
The Qilin ransomware group has solidified its position as the most active threat actor in July 2025, marking its third top ranking in four months following the downturn of former leader RansomHub. According to cybersecurity intelligence from Cyble, Qilin claimed…
Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution
Microsoft has disclosed a critical security vulnerability in its Internet Information Services (IIS) Web Deploy tool that could allow attackers to execute arbitrary code remotely on affected systems. The vulnerability, designated as CVE-2025-53772, was announced on August 12, 2025, and…
CISA Publishes Operational Technology Guide for Critical Infrastructure Stakeholders
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with eight other national cyber agencies, has released a comprehensive “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.” Published on August 13, 2025, this new guide equips critical…
FireWood Malware Targets Linux Systems for Command Execution and Data Theft
Intezer’s Research Team has uncovered a new, low-detection variant of the FireWood backdoor, a sophisticated Linux-based remote access trojan (RAT) initially discovered by ESET researchers. Linked to the “Project Wood” malware lineage dating back to 2005, FireWood is associated with…
EncryptHub Turns Brave Support Into a Dropper; MMC Flaw Completes the Run
Trustwave SpiderLabs researchers have uncovered a sophisticated EncryptHub campaign that ingeniously abuses the Brave Support platform to deliver malicious payloads, leveraging the recently disclosed CVE-2025-26633 vulnerability in Microsoft Management Console (MMC). Dubbed MSC EvilTwin, this flaw enables attackers to execute…
Splunk Publishes Defender’s Guide to Spot ESXi Ransomware Early
Splunk has released a comprehensive defender’s guide aimed at helping cybersecurity teams detect and prevent ransomware attacks targeting ESXi infrastructure before they can cause widespread damage. The guide comes as organizations continue to face mounting pressure from cybercriminals who increasingly…
‘AI Induced Destruction’ – How AI Misuse is Creating New Attack Vectors
Cybersecurity firms are reporting a disturbing new trend in 2025: artificial intelligence assistants designed to boost productivity are inadvertently becoming destructive forces, causing massive system failures and data breaches. These incidents represent a fundamental shift from traditional external cybersecurity threats…
Windows Out-of-Box-Experience Flaw Enables Full Administrative Command Prompt Access
A newly documented vulnerability in Windows’ Out-of-Box-Experience (OOBE) allows users to bypass security restrictions and gain full administrative access to command prompt functionality, even when Microsoft’s intended protective measures are in place. Security researchers have identified an alternative method to…
Attackers Need Just One Vulnerability to Own Your Rooted Android
Android privilege escalation has been transformed by rooting frameworks such as KernelSU, APatch, and SKRoot, which use advanced kernel patching techniques to enable unauthorized code execution at the kernel level. These tools hook into critical system calls, such as prctl,…
Proxyware Campaign Piggybacks on Popular YouTube Video Download Services
The AhnLab Security Intelligence Center (ASEC) has uncovered fresh instances of proxyware distribution by threat actors leveraging deceptive advertising on freeware sites. Building on prior reports, such as the “DigitalPulse Proxyware Being Distributed Through Ad Pages” analysis, this campaign continues…
Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public
Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to execute arbitrary code on vulnerable systems. The proof-of-concept exploits are now publicly available, raising immediate concerns for organizations using the popular print orchestration platform.…
Critical WordPress Plugin Vulnerability Puts 70,000+ Sites at Risk of Remote Code Execution
A severe security vulnerability has been discovered in a popular WordPress plugin used by over 70,000 websites worldwide, potentially exposing them to complete takeover by malicious actors. The vulnerability, tracked as CVE-2025-7384, affects the “Database for Contact Form 7, WPforms,…