The AhnLab Security intelligence Center (ASEC) has identified a sophisticated campaign where threat actors are leveraging Hangul Word Processor (.hwp) documents to disseminate the RokRAT remote access trojan (RAT), marking a departure from traditional methods that relied on shortcut (LNK)…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
NoName057(16) Hackers Target 3,700 Unique Devices Over the Last 13 Months
The pro-Russian hacktivist collective NoName057(16) has been documented executing distributed denial-of-service (DDoS) attacks against over 3,700 unique hosts, predominantly targeting government and public-sector entities in European nations aligned against Russia’s invasion of Ukraine. Emerging in March 2022 amid the full-scale…
UNC3944 Exploits VMware vSphere to Deploy Ransomware and Steal Data from Organizations
The Google Threat Intelligence Group has uncovered a highly advanced cyber operation orchestrated by the threat actor UNC3944, also linked to aliases such as “0ktapus,” “Octo Tempest,” and “Scattered Spider”. This financially motivated group has intensified its focus on sectors…
Splunk Guide to Detect, Mitigate, and Respond to the CitrixBleed 2 Vulnerability
The cybersecurity landscape is grappling with CVE-2025-5777, informally known as “CitrixBleed 2,” an out-of-bounds memory read vulnerability affecting Citrix NetScaler ADC and Gateway devices. This flaw, echoing the notorious CVE-2023-4966 from 2023, enables unauthenticated attackers to leak sensitive memory contents,…
Researchers Exploit Cursor Background Agents to Take Over Amazon EC2 Instance
Security researchers have successfully exploited vulnerabilities in Cursor’s Background Agents to gain unauthorized access to an Amazon EC2 instance, demonstrating critical risks associated with SaaS applications that integrate deeply with cloud infrastructure. The researchers immediately disclosed their findings to Cursor’s…
AI-Driven Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy
Researchers have introduced WhoFi, an AI-powered deep learning pipeline that leverages Wi-Fi Channel State Information (CSI) for person re-identification (Re-ID), achieving a remarkable 95.5% Rank-1 accuracy on the NTU-Fi dataset. Traditional visual Re-ID systems, reliant on convolutional neural networks (CNNs)…
Chinese Hackers Launch Targeted Campaign to Infect Windows Systems with Ghost RAT and PhantomNet Malware
Zscaler ThreatLabz, in collaboration with TibCERT, has uncovered two linked attack campaigns dubbed Operation GhostChat and Operation PhantomPrayers, attributed with high confidence to a China-nexus advanced persistent threat (APT) group. These operations targeted the Tibetan community by capitalizing on heightened…
Google Introduces OSS Rebuild to Boost Security in Open-Source Package Ecosystems
Google has unveiled OSS Rebuild, a pioneering project designed to enhance trust in package registries by independently reproducing upstream artifacts. This initiative targets the escalating threat of supply chain attacks on widely-used dependencies across Python’s PyPI, JavaScript/TypeScript’s npm, and Rust’s…
TP-Link Network Video Recorder Vulnerability Enables Arbitrary Command Execution
TP-Link has disclosed critical security vulnerabilities affecting two of its VIGI Network Video Recorder models, potentially allowing attackers to execute arbitrary commands on the underlying operating system. The vulnerabilities, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and…
Metasploit Module Released to Exploit SharePoint 0-Day Vulnerabilities
Security researchers have released a Metasploit exploitation module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server, marking a significant escalation in the threat landscape for enterprise collaboration platforms. The module exploits a chain of unauthenticated remote code execution flaws identified…
GitLab Publishes Security Update Addressing Several Vulnerabilities in Community and Enterprise Edition
GitLab has released critical security patches addressing six vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with two high-severity cross-site scripting (XSS) flaws requiring immediate attention from self-managed installations. The security update, distributed through versions 18.2.1, 18.1.3,…
AWS Client VPN for Windows Vulnerability Could Allow Privilege Escalation
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process. The vulnerability, tracked as CVE-2025-8069, affects multiple versions…
Weidmueller Industrial Routers Exposed to Remote Code Execution Flaws
Multiple high-severity security vulnerabilities have been discovered in Weidmueller Industrial Routers, potentially allowing attackers to execute arbitrary code with root privileges on affected devices. The German industrial automation company has released security patches to address five critical flaws affecting its…
SonicWall SMA 100 Vulnerabilities Allow Remote Execution of Arbitrary JavaScript
Cybersecurity vendor SonicWall issued a critical advisory highlighting three serious vulnerabilities affecting its Secure Mobile Access (SMA) 100 series appliances. Impacting SMA 210, SMA 410, and SMA 500v models running firmware version 10.2.1.15-81sv and earlier, the flaws could allow unauthenticated…
Key Operator of World’s Largest XSS Dark Web Platform Detained
International law enforcement agencies have dismantled one of the world’s most influential Russian-speaking cybercrime platforms following the arrest of its suspected administrator in a coordinated operation spanning France, Ukraine, and broader European cooperation. The takedown of xss.is represents a significant…
CISA Alerts on Google Chromium Input Validation Flaw Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe input validation vulnerability in Google Chromium that is currently being actively exploited by threat actors. The vulnerability, designated as CVE-2025-6558, poses significant risks to millions…
Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites
Security researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,” houses automatically activated…
Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant
SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian…
New ACRStealer Exploits Google Docs and Steam for C2 Server Using DDR Technique
ACRStealer, an infostealer malware that has been circulating since last year and gained momentum in early 2025, continues to evolve with sophisticated modifications aimed at evading detection and complicating analysis. Initially documented by AhnLab Security Intelligence Center (ASEC) for leveraging…
Clorox Files Lawsuit Against Cognizant Over Employee Password Leak to Hackers
The Clorox Company filed a major lawsuit against IT services provider Cognizant on July 22, 2025, seeking $380 million in damages over a devastating cyberattack that the cleaning products giant claims was enabled by Cognizant’s security failures. The lawsuit, filed…