GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A newly disclosed path traversal vulnerability (CVE-2024-4885) in Progress Software’s WhatsUp Gold network monitoring solution has raised alarms across the cybersecurity community. Rated as critical, this flaw enables unauthenticated attackers to execute arbitrary code on affected systems by exploiting improper input validation in file path handling mechanisms. The vulnerability, classified under CWE-22 (Improper Limitation of […]

The post Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score of 6.5, enables authenticated attackers to execute arbitrary commands with root privileges, potentially compromising entire […]

The post CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption by threat actors to shield malicious payloads from detection. This technique, combined with code virtualization and staged payload delivery, is being employed by malware families such as Agent Tesla, XWorm, and FormBook/XLoader to evade static analysis tools and sandbox environments. […]

The post Threat Actors Exploiting AES Encryption for Stealthy Payload Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaspersky’s latest report on mobile malware evolution in 2024 reveals a significant increase in cyber threats targeting mobile devices. The security firm’s products blocked a staggering 33.3 million attacks involving malware, adware, or unwanted mobile software throughout the year. Mobile Malware Landscape Evolves with New Distribution Schemes Adware continued to dominate the mobile threat landscape, […]

The post 33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels. According to recent data from F5 Labs, the total number of scanning events increased by 91% in 2024 compared to the previous year, with a staggering 8.7 million events recorded. This […]

The post Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and services from accessing users’ primary email addresses during sign-ups. The feature, first discovered in a Google Play Services APK teardown by Android Authority months ago, will generate unique email aliases for each app or website, shielding users’ real addresses from potential data […]

The post Google Launches Shielded Email to Keep Your Address Hidden from Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell and legitimate Microsoft applications to deploy malware without leaving significant traces on compromised systems. These sophisticated attacks, which have been around for over two decades, are proving particularly effective in bypassing traditional antivirus solutions and complicating incident response efforts. PowerShell […]

The post Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in Amazon Web Services (AWS) environments to conduct sophisticated phishing campaigns. Active for over five years, JavaGhost has pivoted from website defacement to leveraging compromised cloud infrastructure for financial gain. The group’s attacks stem from exposed long-term AWS access keys, which […]

The post JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new variant of malware, dubbed “Poco RAT,” has emerged as a potent espionage tool in a campaign targeting Spanish-speaking users in Latin America. Security researchers at Positive Technologies Expert Security Center (PT ESC) have linked this malware to the notorious Dark Caracal group, known for its cyber-mercenary operations. The campaign employs weaponized PDF files […]

The post New Poco RAT Via Weaponized PDF Attacking Users to Capture Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The United States has suspended offensive cyber operations against Russia under an order issued by Defense Secretary Pete Hegseth, according to multiple confirmed reports. The directive, first revealed by The Record and corroborated by The New York Times and The Washington Post, marks a notable shift in the Pentagon’s cyber strategy amid escalating global tensions. While U.S. Cyber Command—tasked with […]

The post U.S. Suspends Cyberattacks Against Russia appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a sophisticated phishing campaign leveraging Google Ads and PayPal’s infrastructure to deceive users and steal sensitive personal data. The attackers exploited vulnerabilities in Google’s ad policies and PayPal’s “no-code checkout” feature to create fraudulent payment links that appeared legitimate, tricking victims into engaging with fake customer support agents. Exploitation of Google […]

The post Hackers Abused Google and PayPal’s Infrastructure to Steal Users Personal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new campaign involving the notorious remote access trojan (RAT) Njrat has been uncovered, leveraging Microsoft’s Dev Tunnels service for command-and-control (C2) communication. This service, intended to help developers securely expose local services to the internet for testing and debugging, is being exploited by attackers to establish covert connections with their C2 servers. The abuse […]

The post Njrat Exploits Microsoft Dev Tunnels for C2 Communication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered new evidence that North Korean threat actors, particularly the Lazarus Group, are actively using Astrill VPN to conceal their true IP addresses during cyberattacks and fraudulent IT worker schemes. Silent Push, a cybersecurity firm, recently acquired infrastructure and logs from the Lazarus subgroup known as “Contagious Interview” or “Famous Chollima,” confirming […]

The post North Korean IT Workers Hide Their IPs Using Astrill VPN appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered five significant vulnerabilities in Paragon Partition Manager’s BioNTdrv.sys driver, affecting versions prior to 2.0.0. These flaws, identified as CVE-2025-0285, CVE-2025-0286, CVE-2025-0287, CVE-2025-0288, and CVE-2025-0289, pose serious security risks, enabling attackers to escalate privileges to SYSTEM level and potentially cause denial-of-service (DoS) scenarios. Multiple Critical Flaws Discovered in BioNTdrv.sys Driver The vulnerabilities, […]

The post Paragon Partition Manager Vulnerabilities Allow Attackers to Escalate Privileges and Trigger DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent investigation by cybersecurity experts has unveiled a series of advanced cyberattacks orchestrated by the notorious Advanced Persistent Threat (APT) group known as “Space Pirates.” Leveraging their customized malware arsenal, including the LuckyStrike Agent backdoor, the group has been targeting IT organizations and government agencies across Russia and neighboring regions. The attacks have been […]

The post Space Pirates Hackers Attacking IT Organizations With LuckyStrike Using OneDrive appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Network penetration testing is a cybersecurity practice that simulates cyberattacks on an organization’s network to identify vulnerabilities and improve security defenses. Ethical hackers, or penetration testers, use tools and techniques to mimic real-world hacking attempts, targeting network components like routers, firewalls, servers, and endpoints. The goal is to uncover weaknesses before malicious actors exploit them, […]

The post Network Penetration Testing Checklist – 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

At the upcoming Black Hat Asia 2025 conference, cybersecurity experts will unveil a groundbreaking vulnerability in modern dashcam technology, exposing how hackers can exploit these devices to breach privacy and steal sensitive data. The session, titled DriveThru Car Hacking: Fast Food, Faster Data Breach, will be held on April 3, 2025, at Marina Bay Sands, […]

The post Hackers can Crack Into Car Cameras Within Minutes Exploiting Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Belgium’s State Security Service (VSSE) has suffered what is being described as its most severe security breach to date. For nearly two years, a group of Chinese hackers exploited a vulnerability in Barracuda’s Email Security Gateway Appliance, a cybersecurity tool used by the VSSE, to access approximately 10% of the agency’s email traffic. The breach, […]

The post Chinese Hackers Breach Belgium State Security Service as Investigation Continues appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved into a sophisticated tool for cyber warfare and influence operations. Recent research highlights how state-sponsored actors are increasingly leveraging hacktivist tactics to conduct large-scale cyber campaigns, blurring the lines between grassroots activism and government-directed operations. These groups, often cloaked in anonymity […]

The post Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable new threat: “Pass-the-Cookie” attacks. Recent findings reveal from Long Wall shows that threat actors exploit browser session cookies to bypass MFA entirely, granting full access to corporate accounts without requiring passwords or authentication tokens. This technique poses a significant risk to organizations […]

The post New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.