GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT, raising concerns over their susceptibility to adversarial attacks. Researchers have highlighted how these models can be manipulated through techniques like prompt injection, which exploit their text-generation capabilities to produce harmful outputs or compromise sensitive information. Prompt Injection: A Growing Cybersecurity Challenge […]

The post New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a multi-stage infection process. The Lumma InfoStealer, a Malware-as-a-Service (MaaS) offering, is designed to exfiltrate sensitive […]

The post Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a new MageCart malware campaign targeting e-commerce websites running on the Magento platform. This attack exploits <img> HTML tags to conceal malicious JavaScript skimmers, enabling cybercriminals to steal sensitive payment information while evading detection by security tools. MageCart, a term used to describe credit card skimming malware, has evolved with increasingly […]

The post Cybercriminals Embedded Credit Card Stealer Script Within <img> Tag appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The rise of customized large language models (LLMs) has revolutionized artificial intelligence applications, enabling businesses and individuals to leverage advanced reasoning capabilities for complex tasks. However, this rapid adoption has also exposed critical vulnerabilities. A groundbreaking study by Zhen Guo and Reza Tourani introduces DarkMind, a novel backdoor attack targeting the reasoning processes of customized […]

The post DarkMind: A Novel Backdoor Attack Exploiting Customized LLMs’ Reasoning Capabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated cyber espionage campaign leveraging the EagerBee malware has been targeting government agencies and Internet Service Providers (ISPs) across the Middle East. This advanced backdoor malware, attributed to the Chinese-linked threat group CoughingDown, demonstrates cutting-edge stealth capabilities and persistence mechanisms, posing a significant threat to critical infrastructure in the region. Advanced Capabilities of EagerBee […]

The post EagerBee Malware Targets Government Agencies & ISPs with Stealthy Backdoor Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a […]

The post Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12 million users, marking the second major breach for the financial services firm since 2022. The compromised information includes email addresses, phone numbers, names, IP addresses, physical addresses, and weakly protected password hashes, raising concerns about identity theft and credential-stuffing attacks. Breach […]

The post Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Directorate of Enforcement (ED) in Ahmedabad has dealt a significant blow to one of history’s largest cryptocurrency frauds, recovering Rs. 1,646 crore (approx. $219 million) in illicit crypto assets linked to the BitConnect Ponzi scheme during coordinated raids on 11 and 15 February. The operation—part of a years-long probe into the multi-billion-rupee scam—also seized Rs. 13.5 […]

The post BitConnect Scam Exposed as Indian Authorities Seize Illicit Gains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated black-hat SEO poisoning campaign has compromised over 150 Indian government websites and financial institutions, redirecting millions of users to fraudulent gambling platforms promoting rummy and high-risk “investment” games. The operation, exploits vulnerabilities in government portals (.gov.in) and educational domains (.ac.in), leveraging search engine manipulation to siphon users toward scam websites. Exploiting Trusted Domains […]

The post Black-Hat SEO Poisioning Attacks Exploit Indian Government and Financial Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The popular file compression and archiving tool, WinRAR 7.10, has released with new features, interface enhancements, and improved performance. WinRAR 7.10 represents a landmark update that modernizes core components while addressing evolving user needs in data management and system security. With over 500 million users worldwide, WinRAR is the leading compression tool for efficient and […]

The post WinRAR 7.10 Latest Version Released – What’s New! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over devices. The flaw carries maximum severity ratings of 9.8 under CVSS v3.1 and 9.3 under […]

The post Juniper Issues Warning About Critical Authentication Bypass Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations.  The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector […]

The post Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A novel persistence mechanism exploiting Microsoft’s Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining long-term access to compromised systems. While requiring administrative privileges for initial deployment, this technique enables stealthy code execution across dozens of critical Windows processes through aboriginal system components designed for text […]

The post Microsoft Text Services Framework Exploited for Stealthy Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) expose millions of users to file system manipulation and sensitive data extraction attacks. These flaws affect both desktop users opening malicious documents and server-side systems using LibreOffice for headless document processing. CVE-2024-12425: Path Traversal Enables Arbitrary File Writes The first vulnerability stems from improper path sanitization when […]

The post LibreOffice Vulnerabilities Allow Attackers to Write to Files and Extract Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers from Trend Micro’s Threat Hunting team have uncovered a sophisticated cyberattack campaign by the advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda. The group has been leveraging new techniques to infiltrate systems and evade detection, primarily targeting government entities in the Asia-Pacific region, including Taiwan, Vietnam, Malaysia, and Thailand. Earth […]

The post Earth Preta APT Exploit Microsoft Utility Tool & Bypass AV Detection to Control Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

According to recent findings by cybersecurity researcher Johann Rehberger, OpenAI’s ChatGPT Operator, an experimental agent designed to automate web-based tasks, faces critical security risks from prompt injection attacks that could expose users’ private data. In a demonstration shared exclusively with OpenAI last month, Rehberger showcased how malicious actors could hijack the AI agent to extract […]

The post ChatGPT Operator Prompt Injection Exploit Leaks Private Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between initial system compromise and the deployment of encryption, now standing at just 17 hours, according to recent cybersecurity analyses. This marks a significant shift from earlier tactics, where attackers often lurked in networks for days or weeks to maximize reconnaissance and […]

The post Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE). These attacks exploit vulnerabilities in WordPress core features and plugins, allowing hackers to gain unauthorized access, execute arbitrary code, and maintain control over compromised sites. The findings highlight the critical need for robust security measures in WordPress […]

The post Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered, exposing enterprise networks to credential theft and lateral attacks. The flaw, discovered by Rapid7 Principal IoT Researcher Deral Heiland, enables malicious actors to intercept Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) authentication data through pass-back attacks. The vulnerabilities, […]

The post Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant introduces advanced obfuscation techniques, updated persistence mechanisms, and novel infection strategies, making it more challenging […]

The post New XCSSET Malware Targets macOS Users Through Infected Xcode Projects appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.