A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint. Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync.…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
MuddyWater Deploys Custom Multi-Stage Malware Hidden Behind Cloudflare
Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM) campaigns, MuddyWater has pivoted to highly…
New Magecart Attack Injects Malicious JavaScript to Steal Payment Data
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign hosted on cc-analytics[.]com. Subsequent analysis…
China-Aligned TA415 Exploits Google Sheets & Calendar for C2
China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into trusted cloud services, TA415 aims to evade…
Hackers Exploit AdaptixC2, an Emerging Open-Source C2 Tool
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar—until Unit 42 documented its deployment by real-world threat actors. This…
Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these flaws carry a maximum CVSS 3.1…
Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads
Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious…
Google Play Flooded With 224 Malicious Apps, 38 Million Downloads Deliver Malware
A global ad fraud and click fraud operation, dubbed SlopAds, comprising 224 Android apps that collectively amassed more than 38 million downloads across 228 countries and territories. Under the guise of AI-themed utilities, these apps employ advanced obfuscation techniques—such as…
Microsoft Takes Down 300+ Websites Behind RaccoonO365 Phishing Scheme
Microsoft’s Digital Crimes Unit (DCU) has seized control of 338 websites facilitating RaccoonO365, the rapidly expanding phishing-as-a-service platform that enables anyone to harvest Microsoft 365 credentials. Acting under a court order from the Southern District of New York, the DCU…
Palo Alto Networks and Microsoft Featured in MITRE ATT&CK Evaluations 2026
Two cybersecurity industry leaders have made significant announcements regarding their participation in the upcoming MITRE ATT&CK Evaluations, marking a notable shift in how major security vendors approach independent testing validation. Diagram illustrating core features of Palo Alto Networks’ Cortex XDR…
Adtech Abused by Threat Actors to Spread Malicious Advertisements
Malicious advertising campaigns have surged in sophistication, with cybercriminals exploiting and even operating adtech firms to deliver malware, credential stealers and phishing schemes directly through mainstream ad networks. A cluster of interconnected companies—run through shell corporations, hosted on compromised infrastructure,…
World’s Biggest Hacker Forum Admin Gets Resentenced to Serve Three More Years
Conor Brian Fitzpatrick, the founder and operator of BreachForums, has been resentenced to three more years in prison after a federal appeals court vacated his earlier light sentence. Authorities say Fitzpatrick created and ran one of the world’s largest English-language…
Kubernetes C# Client Flaw Exposes API Server to MiTM Attacks
A recently disclosed vulnerability in the Kubernetes C# client library allows attackers to carry out man-in-the-middle (MiTM) attacks against the API server. The flaw stems from improper certificate validation when using custom certificate authorities (CAs). As organizations increasingly rely on…
PureHVNC RAT Developers Exploit GitHub to Spread Pure Malware Source Code
The developers behind the PureHVNC remote access trojan (RAT) have been uncovered using GitHub repositories to host critical components and plugin source code for their Pure malware family. Check Point Research’s recent forensic analysis of an eight-day ClickFix intrusion campaign…
Python-Based “XillenStealer” Campaign Targets Windows Users’ Sensitive Data
A sophisticated Python-based information stealer named XillenStealer has emerged as a significant threat to Windows users, designed to harvest sensitive system data, browser credentials, and cryptocurrency wallet information. XillenStealer operates through a comprehensive builder framework called “XillenStealer Builder V3.0,” featuring…
New FileFix Steganography Campaign Spreads StealC Malware
A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilayered obfuscation to deliver the StealC information stealer…
Supply Chain Attack “Shai-Halud” Targets 477 NPM Packages
A major supply chain attack dubbed “Shai-Halud” has impacted the JavaScript ecosystem by targeting over 477 NPM packages, raising serious concerns among developers and organizations relying on software from the Node Package Manager (NPM) registry. This incident reveals both the…
BitPixie Windows Boot Manager Flaw Lets Hackers Escalate Privileges
A critical vulnerability nicknamed “BitPixie” in Windows Boot Manager allows attackers to bypass BitLocker drive encryption and escalate privileges, security researchers have revealed. The flaw exploits a weakness in the PXE soft reboot feature that fails to properly clear encryption…
Wave of 40,000+ Cyberattacks Target API Environments
The cybersecurity landscape has witnessed a dramatic escalation in API-targeted attacks during the first half of 2025, with security researchers documenting over 40,000 API incidents across more than 4,000 monitored environments. This surge represents a fundamental shift in how cybercriminals approach digital…
Linux Kernel KSMBD Flaw Lets Remote Attackers Drain Server Resources
A critical vulnerability in the Linux kernel’s KSMBD implementation has been discovered that allows remote attackers to completely exhaust server connection resources through a simple denial-of-service attack. The flaw, tracked as CVE-2025-38501 and dubbed “KSMBDrain,” enables malicious actors to render…