The North Korean state-sponsored advanced persistent threat (APT) group known as ScarCruft has been linked to a sophisticated malware campaign targeting South Korean users. Disguised as a postal-code update notice, this infection chain was uncovered by S2W’s Threat Analysis and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Weaponized npm Packages Target WhatsApp Developers with Remote Kill Switch
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp Business API. Two malicious npm packages, naya-flore and nvlore-hsc, published by the npm user nayflore using the email idzzcch@gmail.com, disguise themselves as legitimate…
Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses
Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate corporate email systems. The campaign, flagged initially…
CISA Warns of ‘ToolShell’ Exploitation Chain Targeting SharePoint Servers; IOCs and Detections Released
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an exploitation chain dubbed “ToolShell” targeting on-premises Microsoft SharePoint servers. It leverages multiple vulnerabilities including CVE-2025-49704 (a remote code execution flaw via code injection, CWE-94), CVE-2025-49706 (improper…
Gemini AI Exploited via Google Invite Prompt Injection to Steal Sensitive User Data
Security researchers have discovered a series of critical vulnerabilities in Google’s Gemini AI assistant that allow attackers to exploit the system through seemingly innocent Google Calendar invitations and emails, potentially compromising users’ sensitive data and even controlling their smart home…
IRGC-Linked Hackers Target Financial, Government, and Media Organizations
A sophisticated network of hackers with ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) unleashed a barrage of cyber-operations designed to disrupt adversaries, steal sensitive data, and propagate ideological narratives. SecurityScorecard’s STRIKE threat intelligence team analyzed over 250,000 messages from…
Hackers Exploit Legitimate Drivers to Disable Antivirus and Weaken System Defenses
Threat actors have been deploying a novel antivirus (AV) killer since at least October 2024, leveraging the legitimate ThrottleStop.sys driver to execute Bring Your Own Vulnerable Driver (BYOVD) tactics. This malware, detected by Kaspersky as Win64.KillAV., systematically terminates AV processes,…
Akamai Ghost Platform Flaw Allows Hidden Second Request Injection
Akamai Technologies disclosed a critical HTTP request smuggling vulnerability affecting its content delivery network platform that could allow attackers to inject hidden secondary requests through a sophisticated exploitation technique. The vulnerability, designated CVE-2025-32094, was discovered through the company’s bug bounty…
‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
Security researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish covert command-and-control (C2) channels, effectively turning trusted business communication tools into hidden pathways for cybercriminals. The technique, presented by Adam…
HTTP/1.1 Vulnerability Could Let Attackers Hijack Millions of Sites
Security researchers have unveiled a fundamental vulnerability in HTTP/1.1 that could allow attackers to hijack millions of websites, highlighting a persistent threat that has plagued web infrastructure for over six years despite ongoing mitigation efforts. PortSwigger’s latest research reveals that…
SocGholish Uses Parrot and Keitaro TDS to Spread Malware via Fake Updates
SocGholish, operated by the threat actor group TA569, has solidified its role as a prominent Malware-as-a-Service (MaaS) provider, functioning as an Initial Access Broker (IAB) that sells compromised system access to various cybercriminal clients. Since its emergence around 2017-2018, this…
Nvidia Denies Presence of Backdoors, Kill Switches, or Spyware in Its Chips
Nvidia has issued a comprehensive denial regarding allegations that its graphics processing units contain backdoors, kill switches, or spyware, emphasizing that such features would fundamentally undermine global digital infrastructure and cybersecurity principles. The chipmaker’s statement comes amid growing discussions among…
New Active Directory Attack Method Bypasses Authentication to Steal Data
Security researchers have uncovered a novel attack technique that exploits weaknesses in hybrid Active Directory (AD) and Entra ID environments to bypass authentication and exfiltrate sensitive data. The method, showcased at Black Hat USA 2025 by cybersecurity expert Dirk-jan Mollema,…
HeartCrypt-Packed ‘AVKiller’ Tool Actively Deployed in Ransomware Attacks to Disable EDR
Threat actors are placing a higher priority on neutralizing endpoint detection and response (EDR) systems in order to remain stealthy in the dynamic world of multi-stage cyberattacks. Since 2022, malware sophistication has surged, with tools specifically engineered to disable EDR…
WhatsApp Removes 6.8 Million Accounts Over Malicious Activity Concerns
WhatsApp has permanently removed 6.8 million accounts during the first half of 2024 as part of an aggressive crackdown on global scamming operations, parent company Meta announced this week. The massive account purge primarily targeted sophisticated fraud networks operating from…
Hackers Exploit Social Engineering to Gain Remote Access in Just 5 Minutes
Cybersecurity experts are raising alarms over a sophisticated social engineering attack that allowed threat actors to compromise corporate systems in under five minutes, according to a recent incident response investigation by NCC Group’s Digital Forensics and Incident Response (DFIR) team.…
New Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege Escalation
Microsoft has disclosed a high-severity security vulnerability affecting Exchange Server hybrid deployments that could allow attackers with administrative access to escalate privileges and potentially compromise an organization’s entire cloud and on-premises infrastructure. The vulnerability, tracked as CVE-2025-53786, was announced on…
Google’s Salesforce Environment Compromised – User Information Exfiltrated
Google has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses. The incident highlights the growing threat of voice phishing attacks…
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier…
Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities
The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and double-extortion strategies. Both groups leverage stolen credentials, VPN vulnerabilities, reconnaissance, privilege escalation, defense evasion, and…