GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in the Microsoft Windows Fast FAT File System Driver. This vulnerability, identified as CVE-2025-24985, poses a significant threat as it involves an integer overflow or wraparound issue, which could allow unauthorized attackers to execute harmful code on affected systems. The […]

The post CISA Warns of Exploitable Fast FAT Vulnerability in Microsoft Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability affecting the Microsoft Windows Win32 kernel subsystem. Identified as CVE-2025-24983, this use-after-free vulnerability in the Win32k component could potentially allow an authorized attacker to locally elevate privileges. The vulnerability is classified under CWE-416, which addresses issues related to use-after-free conditions that can lead to […]

The post CISA Warns of Microsoft Windows Win32 Kernel Subsystem Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent alert has highlighted the emergence of the AnubisBackdoor, a Python-based backdoor attributed to the Savage Ladybug group, which is reportedly linked to the notorious FIN7 cybercrime gang. This malware is designed to provide remote access, execute commands, and facilitate data exfiltration, all while evading detection by most antivirus solutions. Technical Analysis The AnubisBackdoor […]

The post Fully Undetected Anubis Malware Enables Hackers to Execute Remote Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have identified a renewed wave of attacks involving the Dark Crystal RAT (DCRat), a dangerous remote access Trojan that has resurfaced through a Malware-as-a-Service (MaaS) model. Attackers are actively targeting gamers by distributing malicious software disguised as gaming cheats and cracks, primarily through YouTube. Malware Distribution Exploits YouTube Platform The attackers behind DCRat […]

The post DCRat Malware Spreading via YouTube to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security issue has been identified in the Axios package for JavaScript, which poses significant risks to millions of servers due to server-side request forgery (SSRF) and credential leakage. This vulnerability occurs when absolute URLs are used in Axios requests, even when a base URL is specified. CVE-2025-27152 Overview The vulnerability associated with Axios is identified […]

The post Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has rolled out its March 2025 Patch Tuesday update, addressing a total of 57 vulnerabilities across its software ecosystem, including 6 actively exploited Zero-day vulnerabilities. This release includes fixes for: Issued on the second Tuesday of each month, this update is vital for users and administrators, as attackers are already exploiting several of these […]

The post Microsoft Patch Tuesday March 2025 – 6 Actively Exploited Zero-Days & 57 Vulnerabilities Are Fixed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly uncovered XML External Entity (XXE) injection vulnerability in PHP has demonstrated how attackers can bypass multiple security mechanisms to access sensitive configuration files and private keys. The vulnerability, detailed by web application security researcher Aleksandr Zhurnakov, highlights the risks posed by improper XML parsing configurations, even in seemingly secure implementations. The exploit leverages […]

The post PHP XXE Injection Vulnerability Allows Attackers to Access Config Files & Private Keys appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A threat actor known as “Rey” has come forward on a prominent dark web forum, claiming responsibility for a significant cyberattack on Jaguar Land Rover. The British multinational automotive company, renowned for its luxury and off-road vehicles, is said to have suffered a data breach that has exposed a substantial amount of internal data. Details […]

The post Jaguar Land Rover Allegedly Hacked – 700 Internal Documents Including Source Code Leaked appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability in Microsoft Windows’ New Technology File System (NTFS). The vulnerability, designated as CVE-2025-24984, pertains to an information disclosure issue that could potentially allow attackers to access sensitive data stored in NTFS. This type of vulnerability enables authorized attackers to read portions of heap memory […]

The post CISA Warns of Windows NTFS Vulnerability Exploited for Data Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Recent security bulletins from Zoom have highlighted several high-severity vulnerabilities in their client software, raising concerns about potential data breaches for users. The latest security updates, issued on March 11, 2025, address multiple critical issues that could impact the privacy and security of Zoom users. These vulnerabilities emphasize the importance of keeping software updated to […]

The post Zoom Client Security Flaws Could Lead to Data Breaches appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the active exploitation of a significant vulnerability in Microsoft Windows affecting the Microsoft Management Console (MMC). This security threat underscores the ongoing challenges faced by organizations in managing vulnerabilities and protecting against sophisticated cyber attacks. Details of the Vulnerability The vulnerability, CVE-2025-26633 that affects Microsoft […]

The post CISA Alerts on Active Exploitation of Microsoft Windows MMC Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SIM swapping fraud continues to pose a significant threat to individuals and financial institutions, despite ongoing efforts by telecom providers and regulatory bodies to enhance security measures. This type of fraud involves fraudsters gaining control of a victim’s phone number by swapping or porting their SIM card, often using stolen personal and financial information obtained […]

The post Threat Actors Evade Security Measures to Launch SIM Swap Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new ransomware variant, known as Ebyte Ransomware, has emerged as a significant threat to Windows users. Developed in the Go programming language, this ransomware employs sophisticated encryption techniques, including ChaCha20 and Elliptic Curve Integrated Encryption Scheme (ECIES), to lock user files and demand ransom payments. The ransomware, inspired by Prince Ransomware, adds a unique […]

The post Ebyte Ransomware Targets Windows Users with Advanced Encryption Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Historically, NULL pointer dereferences have been a significant vulnerability in operating systems, including macOS. These occur when software attempts to access memory at address 0 via a NULL pointer, leading to potential crashes or, under certain conditions, exploitation by attackers. In the past, attackers could exploit such vulnerabilities by mapping controlled memory at address 0, […]

The post macOS NULL Pointer Dereference Vulnerability Allow Attackers Exploits Kernel appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed security vulnerability in Apache Camel, tracked as CVE-2025-27636, has raised alarms across the cybersecurity community. The flaw allows attackers to inject arbitrary headers into Camel Exec component configurations, potentially enabling remote code execution (RCE). The vulnerability impacts several versions, including 3.10.0 through 3.22.3, 4.8.0 through 4.8.4, and 4.10.0 through 4.10.1. This exploit highlights the dangers of […]

The post Apache Camel Vulnerability Allows Attackers to Inject Arbitrary Headers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has issued a warning to Chromecast owners regarding the potential risks of performing a factory reset on their devices. This advisory comes as users have reported complications with device authentication after restoring their Chromecasts to factory settings. The warning highlights the importance of understanding the implications of a factory reset before proceeding. Background on […]

The post Google Warns Chromecast Owners Against Factory Reset appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into downloading ZIP files containing malicious code. The campaign highlights the evolving tactics cybercriminals employ to […]

The post AI-Generated Fake GitHub Repositories Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated malware designed for espionage. SideWinder’s primary targets have historically included entities in Pakistan, Sri Lanka, […]

The post SideWinder APT Deploys New Tools in Attacks on Military & Government Entities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems. Vulnerability Details The vulnerability stems from improper neutralization of special elements in URIs handled by […]

The post Apache Pinot Vulnerability Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting […]

The post Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.