A troubling new cyber threat has emerged targeting WordPress websites, where a malicious plugin masquerading as a legitimate tool tricks visitors into downloading harmful software. Disguised as “Yoast SEO” with convincing metadata, this plugin was recently uncovered in the /wp-content/plugins/contact-form/…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Massive Botnet Targets ASUS Routers by Injecting Malicious SSH Keys
GreyNoise Research has publicly disclosed a sophisticated cyberattack campaign that has compromised over 9,000 ASUS routers worldwide. First detected by GreyNoise’s proprietary AI-powered analysis tool, Sift, on March 18, 2025, the campaign leverages a combination of brute-force attacks, authentication bypasses,…
Critical OneDrive Flaw Lets Malicious Websites Access All Your Files
A newly revealed vulnerability in Microsoft’s OneDrive File Picker has placed millions of users at risk, enabling popular web applications, including ChatGPT, Slack, Trello, and ClickUp, to gain full read access to users’ entire OneDrive accounts. The flaw, uncovered by…
APT Hackers Turn Google Calendar Into Command Hub Using TOUGHPROGRESS Malware, Google Alerts
Google Threat Intelligence Group (GTIG), a sophisticated malware campaign dubbed “TOUGHPROGRESS” has been uncovered, orchestrated by the notorious PRC-based threat actor APT41, also known as HOODOO. Identified in late October 2024, this campaign exploits a compromised government website to distribute…
Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware, known for impersonating legitimate Peruvian Android apps, tricks users into…
Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure
Law enforcement and judicial officials, working together with Europol and Eurojust, have dealt a devastating blow to the worldwide ransomware ecosystem in a historic international operation. From May 19 to 22, 2025, Operation Endgame targeted the critical infrastructure behind ransomware…
Cybercriminals Are Turning Ordinary Citizens Into Money Mules in a New ‘Rent-a-Bank-Account’ Scam
Cybercriminals are exploiting vulnerable individuals by transforming them into unwitting money mules through a sophisticated fraud known as the ‘rent-a-bank-account’ scam. This scam involves fraudsters enticing people, often those in financial distress, with promises of quick cash in exchange for…
Apple Blocked 2 million Malicious App & $9 Billion in Fraudulent Transactions
Apple has strengthened the App Store as a bulwark of confidence, a remarkable testament to its commitment to customer safety. According to the company’s annual fraud analysis, over the past five years, Apple has thwarted more than $9 billion in…
DragonForce Ransomware Actors Exploits RMM Tools to Gain Access to Organizations
Sophos Managed Detection and Response (MDR) successfully responded to a sophisticated targeted attack orchestrated by threat actors leveraging DragonForce ransomware. The attackers gained unauthorized access to a Managed Service Provider’s (MSP) remote monitoring and management (RMM) tool, SimpleHelp, using it…
Earth Lamia Hackers Exploits Vulnerabilities in Web Applications to Attack Multiple Industries
Cybersecurity researchers at Trend Research have uncovered the aggressive operations of Earth Lamia, an Advanced Persistent Threat (APT) group with a China-nexus, targeting organizations across Brazil, India, and Southeast Asia since 2023. This threat actor has demonstrated a sophisticated approach…
XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
Citrix has issued a high-severity security bulletin addressing multiple vulnerabilities—CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464—affecting XenServer VM Tools for Windows. These vulnerabilities allow attackers with the ability to execute arbitrary unprivileged code within a guest Windows VM to escalate privileges and compromise…
Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data
Russia’s GRU-backed APT28, widely known as Fancy Bear, has intensified its cyber espionage campaign against NATO-aligned organizations. Active since at least 2007, this notorious threat actor has been attributed to a series of sophisticated attacks targeting critical infrastructure, government entities,…
Evertz SDN Vulnerabilities Enable Unauthenticated Arbitrary Command Execution
A newly disclosed critical vulnerability (CVE-2025-4009) in Evertz’s Software Defined Video Network (SDVN) product line exposes a wide range of broadcasting infrastructure to unauthenticated remote code execution. The flaw, uncovered by ONEKEY Research Labs, affects the core web administration interface…
Zscaler to Acquire Red Canary, Enhancing AI-Powered Security Operations
Zscaler, Inc. (NASDAQ: ZS), the global leader in cloud security, has announced a definitive agreement to acquire Red Canary, a top Managed Detection and Response (MDR) provider. This strategic move is set to transform security operations by integrating Zscaler’s AI-driven…
Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers
Mandiant Threat Defense has uncovered a malicious campaign orchestrated by the threat group UNC6032, which capitalizes on the global fascination with artificial intelligence (AI). Since at least mid-2024, UNC6032 has been deploying fake AI video generator websites to distribute malware,…
251 Malicious IPs Target Cloud-Based Device Exploiting 75 Exposure Points
On May 8, 2025, cybersecurity researchers at GreyNoise detected a highly orchestrated scanning operation targeting 75 known exposure points across the internet in just 24 hours. The campaign, executed by 251 malicious IP addresses—all geolocated to Japan and hosted on…
SilentWerewolf Attack Combines Legitimate Tools with Code Obfuscation for Stealthy Infiltration
The threat actor dubbed SilentWerewolf has employed advanced phishing techniques to infiltrate organizations in Russia and Moldova, focusing on critical sectors such as nuclear energy, aircraft, and mechanical engineering. Starting on March 11, the first campaign used spearphishing emails with…
VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access
A malicious cyber campaign leveraging VenomRAT, a potent Remote Access Trojan (RAT), has been uncovered, posing a significant threat to unsuspecting users through a deceptive website mimicking Bitdefender’s Antivirus for Windows download page. The fraudulent domain, “bitdefender-download[.]com,” lures victims with…
Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems
Threat actors are now leveraging the often-overlooked Component Object Model (COM) and its distributed counterpart, Distributed Component Object Model (DCOM), to harvest credentials on Windows systems. As traditional red team methods like direct access to the Local Security Authority Subsystem…
Emerging FormBook Malware Threatens Windows Users with Complete System Takeover
A critical cybersecurity threat has surfaced targeting Microsoft Windows users, as detailed in the latest analysis of the FormBook malware. Documented in Part II of a comprehensive FormBook analysis blog, this malware variant poses a severe risk by enabling attackers…