Aggregator

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]

FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate Android devices.   It is Android malware disguised as a fake Telegram Premium app distributed via a phishing website mimicking RuStore, which steals user data like […]

The post New FireScam Android Malware Abusing Firebase Services To Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Какие технологии помогут человечеству достичь ближайшей звезды?

Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript, Python, and Ruby packages. OAST tools, initially designed for ethical researchers to perform network interactions, can also be exploited by threat actors for malicious purposes such as data exfiltration and pivot […]

The post Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. [...]

We can't put defense on hold until Inauguration Day.

A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering emails with embedded links to a ConnectWise Remote Access Trojan (RAT) installer.  These emails, disguised as updated benefits statements, employed various techniques, including mismatched links and “View Statement” buttons, to deceive recipients.  It initially leveraged ConnectWise infrastructure for its command […]

The post Hackers Mimic Social Security Administration To Deliver ConnectWise RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

1 月 7 日 9 时 05 分发生于西藏日喀则市定日县的 6.8 级地震至今已造成 126 人死亡，188 人受伤。地震震源深度约为 10 千米，周边地区甚至邻国尼泊尔、不丹、印度都有明显震感。地震震中位于青藏高原的拉萨地块内部，距离地震最近的断层为登么错断裂，距离约 11 千米，震源机制为拉张型破裂。印度板块与欧亚板块碰撞造成的青藏高原隆升、地壳缩短增厚和广泛的高原变形。

1993 年发布的 FPS 游戏《Doom》衍生出了名为 Doom running on everything（DROE）的文化现象，尝试在任何有屏幕的东西上运行这款游戏。现在开发者兼 CEO Guillermo Rauch 将 Doom 变成了可玩的 CAPTCHA 以区分机器人和人类。基于 Doom 的 CAPTCHA 是至今最难的 CAPTCHA 测试之一，因为它使用的是游戏的噩梦难度。它是一个 WebAssembly 应用，利用 Web 开发工具 v0 使用人类语言和提示开发的。v0 来自 Vercel，而 Rauch 正是该公司的 CEO。它可能不太合法，Doom 的引擎开源了，但游戏素材没有开源。

The United Nation’s International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations.” The statement came a few days after 42,000 documents allegedly stolen from the organizations have been offered for sale on a underground forum. The forum user, who goes by Natohub, claims that the stolen documents contain user data: first and last name, … More →

The post UN aviation agency investigating possible data breach appeared first on Help Net Security.

As banks increasingly face competition for market share from digitally native neobanks and fintechs, many have embraced digital transformation and new technologies to level the playing field. Innovation has been key to ensuring the best customer experience, which is essential for customer retention and attracting new...

Локальная разработка моделей теперь доступна каждому.

The Kaspersky researchers investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs and government entities of novel components, including a service injector that injects the backdoor into running services.  Post-installation, EAGERBEE deploys plugins with diverse functionalities as follows: How Does Attack Work?  The attackers initially compromised the system through an unknown vector. […]

The post EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Ruby. It has been declared as problematic. This vulnerability affects unknown code of the component OpenSSL Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2025-0306. The attack can be initiated remotely. There is no exploit available.