Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Threat actors are using open-source software (OSS) repositories to install malicious code into trusted applications, particularly targeting cryptocurrency software. The ReversingLabs (RL) research team has identified a pattern where attackers upload seemingly legitimate packages to repositories like npm, which then…

Read more →

Enterprises are facing heightened cyber threats as attackers increasingly target network infrastructure, particularly routers, following a trend noted in Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices. The Forescout report reveals a significant shift in the cybersecurity…

Read more →

Semiconductor companies, pivotal in the tech industry for their role in producing components integral to everything from consumer electronics to critical defense systems, are under siege from sophisticated cyber threats. These firms design, manufacture, and sell semiconductors, crucial elements with…

Read more →

Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious endeavors. Email bombing, known also as a “spam bomb,” involves flooding a target’s email inbox with a massive volume of emails, overwhelming the recipient and…

Read more →

INE Security Highlights How Practical, immersive training environments help defense contractors meet DoD cybersecurity requirements Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security,…

Read more →

Sensata Technologies Holding PLC, a global leader in sensor solutions and electrical protection, is currently grappling with the fallout of a ransomware attack that has disrupted its operations and compromised sensitive files. The breach, first reported on April 6, 2025,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten new Industrial Control Systems (ICS) advisories to address critical vulnerabilities and exploits that could impact key industrial systems. Released on April 10, 2025, these advisories provide crucial insights into ongoing…

Read more →

Cybersecurity experts at Sublime have uncovered a complex malware campaign revolving around TROX Stealer, an information stealer that employs urgency to deceive victims. This malware, first detected in December 2024, highlights an intricate attack chain designed to extract sensitive data…

Read more →

Microsoft has fortified its Exchange Server and SharePoint Server security by integrating advanced Antimalware Scan Interface (AMSI) capabilities. This measure, aimed at countering sophisticated attack vectors, represents a crucial step to safeguard on-premises infrastructure that serves as the backbone of…

Read more →

A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware. The vulnerability resides in TCP port 6998 and impacts end-of-life (EOL) devices…

Read more →

Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries. This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail…

Read more →

A vulnerability in AMD CPUs has been uncovered, enabling attackers with administrative privileges to bypass microcode signature verification and execute malicious code. Designated as CVE-2024-36347 (CVSS score: 6.4, Medium), the flaw impacts multiple generations of AMD EPYC™ server processors and select consumer…

Read more →

A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7…

Read more →

A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack…

Read more →

A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security. The vulnerability, stemming from the reuse of SSH host keys, could allow attackers to impersonate Jenkins build agents and hijack sensitive network traffic. Vulnerability Details…

Read more →

Microsoft has released an urgent patch for Office 2016 to address a critical issue causing key applications like Word, Excel, and Outlook to crash unexpectedly. The new update, KB5002623, was issued on April 10, 2025, following widespread reports of performance…

Read more →

The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in…

Read more →

AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware to unsuspecting Korean users. This operation has employed cracked software and torrents as vectors for spreading…

Read more →

RansomHub, a leading Ransomware-as-a-Service (RaaS) group that emerged in early 2024, has found itself grappling with internal turmoil. The instability came to light on April 1st, 2025, when several of its client chat portals, critical for ransomware negotiations, went offline,…

Read more →

A Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches…

Read more →

The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate…

Read more →

A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not…

Read more →

AI has recently been added to the list of things that keep cybersecurity leaders awake. The increasing popularity of and easy access to large language models (LLMs), such as ChatGPT, DeepSeek, and Gemini, have enabled threat actors to scale and…

Read more →

A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing…

Read more →

SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate…

Read more →

Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt…

Read more →

A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control.  Security…

Read more →

Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…

Read more →

A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…

Read more →

A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate…

Read more →

In a major victory against cybercrime, law enforcement agencies across North America and Europe have dismantled the infrastructure behind the Smokeloader malware, a notorious pay-per-install (PPI) botnet service. This decisive action, a continuation of the groundbreaking Operation Endgame from May…

Read more →

The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware, also known as CatB99 or Baxtoy. First identified in late 2022, this strain has caught the eye of security analysts due to its sophisticated evasion techniques…

Read more →

AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000…

Read more →

Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team has meticulously analyzed this incident, which…

Read more →

A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to…

Read more →

A sophisticated new red team technique dubbed “RemoteMonologue” has emerged, enabling attackers to remotely harvest NTLM credentials without deploying malicious payloads or accessing the Local Security Authority Subsystem Service (LSASS). As traditional methods of credential theft face increasing scrutiny from…

Read more →

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for…

Read more →

Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated administrators on VM-Series firewalls to execute arbitrary commands with root privileges. The flaw, discovered internally, affects specific legacy PAN-OS versions and requires immediate patching for impacted users.…

Read more →

The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide…

Read more →

Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this…

Read more →

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a…

Read more →

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of…

Read more →

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push…

Read more →

Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic, costing businesses millions. This type of fraud involves artificially triggering SMS verification requests by creating numerous synthetic identities or using automated bots, thereby inflating the…

Read more →

North Korean threat actors have demonstrated their adept use of social engineering techniques combined with Python scripting to infiltrate secure networks. The Democratic People’s Republic of Korea (DPRK) operatives are leveraging the accessibility and power of Python to craft initial…

Read more →

GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai…

Read more →

In a disturbing escalation of cyber threats, a new malware campaign dubbed ‘HollowQuill’ has been identified targeting academic institutions and government agencies worldwide. This sophisticated attack leverages weaponized PDF documents to infiltrate systems, using a combination of social engineering and…

Read more →

Microsoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified with Important severity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described under CWE-922: Insecure Storage of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability in Gladinet CentreStack, a cloud-based enterprise file-sharing platform. The issue, tracked as CVE-2025-30406, involves the use of a hard-coded cryptographic key that could enable attackers to…

Read more →

The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and…

Read more →

Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats.…

Read more →

Microsoft has uncovered a sophisticated ransomware campaign exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824. The vulnerability allows attackers to escalate privileges from a standard user account to SYSTEM level, enabling widespread deployment…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a critical vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver. The vulnerability, tracked as CVE-2025-29824, poses a significant security risk by allowing…

Read more →

GCHQ’s National Cyber Security Centre (NCSC), in collaboration with international and industry partners, has issued a global alert regarding two dangerous spyware applications – MOONSHINE and BADBAZAAR – aiming to help vulnerable communities protect themselves from digital surveillance. The NCSC…

Read more →

A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems using OIDCProviderAuthRequestMethod POST without an application-level gateway or load balancer. Technical Breakdown The vulnerability stems from improper…

Read more →

Microsoft has disclosed an active exploitation of a zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824. The flaw, classified as an Elevation of Privilege (EoP) vulnerability, has been assigned a CVSS score of 7.8, indicating its significant security…

Read more →

Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability that could allow remote code execution. The flaw, identified as CVE-2025-3066, targets Chrome’s Site Isolation feature, underscoring the importance of regular browser updates in protecting…

Read more →

In today’s digital era, organizations face an ever-growing threat landscape, with cyberattacks, data breaches, and system failures becoming increasingly common. Incident response has emerged as a vital component of cybersecurity strategies, ensuring businesses can effectively detect, manage, and recover from…

Read more →

Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability identified as CVE-2024-12556. The flaw, referred to as “Kibana Prototype Pollution,” could allow attackers to execute arbitrary code by exploiting a combination of unrestricted file…

Read more →

A recently discovered vulnerability in the AWS Systems Manager (SSM) Agent, a cornerstone of Amazon Web Services (AWS) used for managing EC2 instances and on-premises servers, has raised critical security concerns. This security flaw, identified as a Path Traversal vulnerability,…

Read more →

Microsoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across its software ecosystem. This comprehensive update includes fixes for critical issues such as the elevation of privilege, remote code execution, and information disclosure vulnerabilities. Among…

Read more →

Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA’s latest alert, CERT-UA#14303. The campaign, attributed to the UAC-0226 hacking group, leverages a sophisticated C/C++-based stealer called GIFTEDCROOK to infiltrate systems, steal…

Read more →

A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This…

Read more →

A recently disclosed SQL injection vulnerability in older versions of the Shopware platform has raised concerns among online shop operators. Although Shopware has addressed the issue in its latest release (version 6.5.8.13), it has been revealed that the fix provided…

Read more →

In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit mobile payment systems such as Apple Pay and Google Wallet. Once reliant on magnetic stripe card cloning, fraudsters have adapted to breakthroughs in card security technology…

Read more →

Vidar Stealer a notorious information-stealing malware has adopted a deceptive method to disguise itself as Microsoft’s BGInfo application. By exploiting a legitimate tool widely used by IT professionals to display system details, attackers have demonstrated advanced techniques to evade detection…

Read more →

A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally. The medium-severity vulnerability, with a CVSS score of 4.6,…

Read more →

Fortinet has revealed and resolved several vulnerabilities within its range of products, such as FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. These weaknesses vary from inadequate filtering of log outputs to unconfirmed password modifications and poorly secured credentials. The…

Read more →

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products. The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in CrushFTP, a popular file transfer server solution. Identified as CVE-2025-31161, the vulnerability allows attackers to bypass authentication, posing significant risks to organizations relying…

Read more →

Over 5,000 Ivanti Connect Secure devices remain vulnerable to a critical remote code execution (RCE) flaw, according to data from the Shadowserver Foundation. The vulnerability, tracked as CVE-2025-22457, stems from a stack-based buffer overflow issue, enabling unauthenticated attackers to execute arbitrary…

Read more →

Recent research by Unit 42 highlights critical vulnerabilities in the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments. OIDC, an extension of the OAuth protocol, is widely adopted for secure authentication and authorization, playing a…

Read more →

A sophisticated cryptomining campaign has been uncovered, targeting developers through malicious Visual Studio Code (VS Code) extensions. These extensions, masquerading as legitimate tools, have collectively accumulated over one million installations, exposing the scale of the attack. Researchers at ExtensionTotal detected…

Read more →

Radware’s comprehensive research into the cybersecurity landscape has uncovered significant trends shaping the financial services industry’s vulnerabilities in 2024. The analysis, conducted across 46 deep-web hacker forums, identified over 26,000 threat actors’ discussions that revealed increasingly sophisticated cyberattack methods. The…

Read more →

The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) with a publication date before January 1, 2018, will now be marked with a “Deferred” status within the National Vulnerability Database (NVD). This…

Read more →

Google has announced a groundbreaking update to its Chrome browser that addresses a vulnerability in the web browser’s code, which has been leaking users’ browsing history for over two decades. This long-standing issue stems from the CSS :visited selector—a web design feature…

Read more →

SAP Security Patch Day has introduced a critical update to address vulnerabilities in SAP products, including high-severity code injection weaknesses. A total of 18 new Security Notes, along with 2 updates to existing notes, were released to tackle serious risks such as unauthorized…

Read more →

Oracle Corporation has officially confirmed a cybersecurity breach in which hackers infiltrated its systems and stole client login credentials. This marks the second security incident disclosed by the software giant in less than a month, raising alarm among customers and…

Read more →

The Linux kernel community has witnessed another milestone with the release of Linux 6.15-rc1, the first release candidate for the forthcoming Linux 6.15 stable release. Announced by Linus Torvalds on April 6, 2025, in Phoronix blog, this marks the conclusion…

Read more →

The Google Threat Intelligence Group (GTIG) has unearthed a novel phishing campaign leveraging Windows Remote Desktop Protocol (.RDP) files to facilitate unauthorized remote access. Dubbed “Rogue RDP,” this campaign specifically targeted European government and military organizations in late 2024. The…

Read more →

Originally discovered in 2020 as a Phishing-as-a-Service (PhaaS) platform, Morphing Meerkat has since evolved into a sophisticated cybercriminal tool. Initially capable of mimicking login pages for only five email services, the platform has expanded its capabilities, now encompassing over 100…

Read more →

A threat actor disclosed internal data from Medialand, a prominent bulletproof hosting (BPH) provider long associated with Yalishanda, a cybercriminal organization tracked as LARVA-34. The breach has exposed the backend systems and operational infrastructure of Medialand, which has historically facilitated…

Read more →

Google has issued critical security updates to address a recently discovered zero-day vulnerability actively exploited in Android devices. The Android Security Bulletin for April 2025 highlights the details of multiple security vulnerabilities, including high-profile issues such as CVE-2024-53150 and CVE-2024-53197, which have reportedly…

Read more →

WK Kellogg Co., one of the world’s leading cereal and snack manufacturers, has fallen victim to a significant data breach, exposing the sensitive information of an undisclosed number of individuals. The breach, which occurred on December 7, 2024, was only…

Read more →

A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums. Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it…

Read more →

A critical vulnerability (CVE-2025-32032) has been identified in Apollo Router, a widely used GraphQL federation tool, allowing attackers to trigger resource exhaustion and denial-of-service (DoS) conditions. Rated 7.5 (High) on the CVSS v3.1 scale, the flaw impacts users running unpatched versions of…

Read more →

A critical vulnerability identified as CVE-2025-30401 was recently disclosed, highlighting a major security flaw in WhatsApp for Windows. This issue, which primarily affects desktop application versions prior to 2.2450.6, allowed attackers to exploit mismatched file metadata to execute arbitrary code on unsuspecting…

Read more →

Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys. The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s…

Read more →

TechCrunch has uncovered a concerning development in consumer-grade spyware: a stealthy Android monitoring app that employs password-protected uninstallation to prevent removal. This app, which abuses built-in Android features like overlay permissions and device admin access, exemplifies the escalating technical sophistication…

Read more →

In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK. These campaigns exploit toll payment services like FasTrak, E-ZPass, and…

Read more →

A newly identified Linux backdoor named “Auto-Color,” first observed between November and December 2024, has been targeting government organizations and universities across North America and Asia. This malware, initially disguised as a benign color-enhancement tool, employs sophisticated tactics, techniques, and…

Read more →

Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing…

Read more →

In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the…

Read more →

In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive CAPTCHA mechanisms combined with Cloudflare’s Turnstile to distribute the LegionLoader malware. According to Netskope Threat Labs, this campaign, which started in February 2025, has affected…

Read more →

Cybersecurity experts at Symantec have uncovered a sophisticated phishing campaign targeting various sectors across multiple countries, leveraging the Windows screensaver file format (.scr) as a vector for malware distribution. This method, while seemingly innocuous, allows attackers to execute malicious code…

Read more →

In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal moment, surpassing elite human red teams in the creation of effective spear phishing attacks. According to research conducted by Hoxhunt, AI agents have demonstrated a 24%…

Read more →

SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one…

Read more →

Deep visibility into malware-siphoned data can help close gaps in traditional defenses before they evolve into major cyber threats like ransomware and account takeover SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data…

Read more →

A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom. Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated…

Read more →