SentinelLABS has exposed a sophisticated series of cryptocurrency scams in which threat actors distribute malicious smart contracts masquerading as automated trading bots, draining more than $900,000 USD from user wallets. These scams leverage obfuscated Solidity code deployed on platforms…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least…
UAC-0099 Hackers Weaponize HTA Files to Deploy MATCHBOIL Loader Malware
UAC-0099 is a threat actor group that has been targeting state officials, defense forces, and defense-industrial firms in a series of sophisticated cyberattacks that Ukraine’s CERT-UA has been investigating. The attacks typically begin with phishing emails from UKR.NET addresses, featuring…
Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites
Threat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites that impersonate legitimate government portals. As highlighted by Zscaler ThreatLabz in their recent reports and blogs, the dual nature of GenAI empowering productivity for legitimate…
Sophisticated DevilsTongue Spyware Tracks Windows Users Worldwide
Insikt Group has uncovered new infrastructure tied to the Israeli spyware vendor Candiru, now operating under Saito Tech Ltd., highlighting the persistent deployment of its advanced DevilsTongue malware. Utilizing Recorded Future Network Intelligence, researchers identified eight distinct operational clusters, each…
CAPTCHAgeddon: Fake CAPTCHA Used in New ClickFix Attack to Deploy Malware Payload
ClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such as the ClearFake phony browser update fraud. Initially demonstrated by security researcher John Hammond for…
Fake Antivirus App Delivers LunaSpy Malware to Android Devices
A sophisticated cybercrime campaign has been discovered targeting Android users through fake antivirus applications that actually deliver LunaSpy spyware to victims’ devices. Security researchers have identified this malicious operation as an active threat that exploits users’ security concerns to gain…
WhatsApp Adds Security Feature to Help Users Spot and Avoid Malicious Messages
WhatsApp is rolling out enhanced security measures to combat the surge in scam messages targeting users worldwide, as criminal organizations increasingly exploit messaging platforms to defraud unsuspecting victims. The new features come as federal authorities report a dramatic spike in…
Pandora Jewellery Hit by Cyberattack, Customer Data Compromised
Pandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company confirmed the cyberattack was promptly identified and contained, with immediate security reinforcements implemented. Official communications…
Rockwell Arena Simulation Flaws Allow Remote Execution of Malicious Code
Rockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena Simulation software that could allow attackers to execute malicious code remotely. The vulnerabilities, discovered during routine internal testing, affect all versions of Arena Simulation 16.20.09 and earlier, potentially…
Akira Ransomware Uses Windows Drivers to Bypass AV/EDR in SonicWall Attacks
Security researchers have identified a sophisticated new tactic employed by Akira ransomware operators, who are exploiting legitimate Windows drivers to evade antivirus and endpoint detection systems while targeting SonicWall VPN infrastructure. This development represents a significant escalation in the group’s…
Threat Actors Poison Bing Search Results to Distribute Bumblebee Malware via ‘ManageEngine OpManager’ Queries
Threat actors leveraged SEO poisoning techniques to manipulate Bing search results, directing users querying for “ManageEngine OpManager” to a malicious domain, opmanager[.]pro. This site distributed a trojanized MSI installer named ManageEngine-OpManager.msi, which covertly deployed the Bumblebee malware loader while installing…
Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders
Unit 42 researchers have identified significant overlaps between Microsoft’s reported ToolShell exploit chain targeting SharePoint vulnerabilities and a tracked activity cluster dubbed CL-CRI-1040. This cluster, active since at least March 2025, deploys a custom malware suite named Project AK47, comprising…
Chinese Hackers Breach Exposes 115 Million U.S. Payment Cards
Security researchers have uncovered a highly advanced network of Chinese-speaking cybercriminal syndicates orchestrating smishing attacks that exploit digital wallet tokenization, potentially compromising up to 115 million payment cards in the United States alone. These operations, which evolved dramatically since August…
Trend Micro Apex One Hit by Actively Exploited RCE Vulnerability
Trend Micro has issued an urgent security bulletin warning customers of critical remote code execution vulnerabilities in its Apex One on-premise management console that are being actively exploited by attackers in the wild. The cybersecurity company disclosed two command injection…
Adobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary Code
Adobe has released critical security updates for Adobe Experience Manager (AEM) Forms on Java Enterprise Edition following the discovery of two severe vulnerabilities that could enable attackers to execute arbitrary code and read sensitive files from affected systems. Critical Security…
10 Best IT Asset Management Tools in 2025
In today’s fast-paced digital landscape, effective IT Asset Management (ITAM) is crucial for organizations to maintain control over their hardware, software, and cloud assets. Modern ITAM tools in 2025 are evolving beyond simple inventory management, incorporating AI and machine learning…
Threat Actors Weaponizing RMM Tools to Gain System Control and Exfiltrate Data
Adversaries are using Remote Monitoring and Management (RMM) tools more frequently as dual-purpose weapons for initial access and persistence in the constantly changing world of cyber threats. These legitimate software solutions, typically employed by IT professionals for system administration, are…
Millions of Dell PCs at Risk from Broadcom Vulnerability Enabling Remote Hijack
Cybersecurity researchers at Cisco Talos have discovered five critical vulnerabilities in Dell’s ControlVault3 security hardware that could affect millions of business laptops worldwide. The flaws, collectively dubbed “ReVault,” enable attackers to remotely hijack systems and maintain persistent access even after…
CISA Alerts on Ongoing Exploits Targeting D-Link Device Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its campaign to protect U.S. networks by adding three newly exploited D-Link device vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The alert, issued on August 5, 2025, emphasizes a rising…