Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding multiple vulnerabilities identified in Contec Health’s CMS8000 Patient Monitor. These flaws pose significant security risks, potentially allowing remote attacks, privacy breaches, and unauthorized data access. The vulnerabilities,…

Read more →

A critical unauthenticated Remote Code Execution (RCE) vulnerability has been identified in D-Link’s DSL-3788 routers, specifically hardware revisions Ax/Bx running firmware version v1.01R1B036_EU_EN or below. This flaw enables attackers to gain full remote access to the device, posing significant security…

Read more →

Microsoft has announced updates to its Microsoft 365 (M365) Bug Bounty Program, offering expanded services, clearer guidelines, and bounty rewards ranging from $500 to a significant $27,000. The initiative reflects Microsoft’s ongoing commitment to cybersecurity and enlisting global security researchers…

Read more →

Authorities have delivered a major blow to the cybercrime world by dismantling two of the largest hacking forums globally—Cracked.io and Nulled.to—bringing down platforms that catered to over 10 million users. This Europol-supported operation, dubbed “Operation Talent“, was spearheaded by German authorities…

Read more →

Tata Technologies, a leading provider of engineering and IT services, has reported a ransomware attack on its IT infrastructure. The company disclosed the incident through an official communication to stock exchanges, including the Bombay Stock Exchange (BSE) and the National…

Read more →

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed by cybersecurity researchers. Introduced by James Forshaw and further developed using the Responder and krbrelayx tools, this approach exploits local name resolution protocols like LLMNR…

Read more →

Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a cloud application monitoring and security platform. This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights…

Read more →

A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored cyberespionage operation, tracked as CL-STA-0048. The campaign targeted high-value organizations in South Asia, particularly a telecommunications company. Employing rare tactics and tools, the attackers leveraged…

Read more →

Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed to exploit tax filing season. These operations, targeting countries such as the UK, US, Switzerland, and Australia, leverage tax-related themes to dupe victims into divulging…

Read more →

The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated threat. This Ransomware-as-a-Service (RaaS) operation, first observed in May 2024, has rapidly evolved, executing coordinated attacks that disrupt critical processes, encrypt data, and hinder recovery…

Read more →

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass, is facing scrutiny after the discovery of severe memory protection vulnerabilities in its products. Despite having established itself as a trusted name for safeguarding user…

Read more →

Microsoft has introduced “Administrator Protection” (AP), a sophisticated security feature aimed at elevating Windows operating system security by redefining how administrative privileges are managed and reducing the risk of privilege escalation attacks. Detailed in its latest technical blog post, this…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued seven Industrial Control Systems (ICS) advisories, highlighting critical vulnerabilities in systems vital to industrial and operational processes. These advisories aim to enhance awareness and encourage mitigation strategies to maintain the…

Read more →

In a recent discovery by Socket researchers, a malicious npm package named postcss-optimizer has been identified as an operation spearheaded by the North Korean state-sponsored group, Lazarus Advanced Persistent Threat (APT). Tied to past campaigns and employing code-level similarities, the…

Read more →

TeamViewer, a widely used remote access software, has announced a critical vulnerability in its Windows clients. The company disclosed on January 28, 2025, that its software is affected by a security flaw that could allow local attackers to escalate privileges.…

Read more →

A recent investigation conducted by STRIKE, a division of SecurityScorecard, has unveiled the intricate and far-reaching operation of the Lazarus Group, a North Korean advanced persistent threat (APT) group. Dubbed “Operation Phantom Circuit,” the campaign highlights a deliberate and sophisticated…

Read more →

Cybersecurity researchers have uncovered a sophisticated Android malware campaign known as “Tria Stealer,” which is targeting users in Malaysia and Brunei to collect sensitive information such as SMS data, call logs, WhatsApp messages, and emails. The malware campaign, which has…

Read more →

A new wave of cybercrime is surfacing as hackers exploit compromised emails and digital advertising platforms to create a thriving underground economy. This illegal marketplace, primarily hosted on the dark web, trades in aged and pre-verified accounts, offering tech-savvy criminals…

Read more →

In a critical development within the AI industry, researchers at Noma Security have disclosed the discovery of a high-severity Remote Code Execution (RCE) vulnerability in Lightning AI Studio, a widely adopted AI development platform. The vulnerability, assigned a CVSS score…

Read more →

Cybersecurity researchers have identified a persistent trend in which threat actors exploit vulnerabilities in government websites to further phishing campaigns. Based on data spanning November 2022 through November 2024, malicious actors have misused numerous .gov top-level domains (TLDs) across more…

Read more →