Aggregator
«И это совсем не больно»: 40% тихоходок остались довольны первыми в мире нано-тату
Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as “Operation SyncHole,” has compromised at least six South Korean organizations across software, IT, financial, semiconductor, and telecommunications sectors since November 2024. According to detailed research, the attackers employed a combination of watering hole attacks and exploited vulnerabilities in widely […]
The post Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Alleged Sale of Unauthorized Admin Access to Unidentified Online Course Platform in Madagascar
Randall Munroe’s XKCD ‘Tennis Balls’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Tennis Balls’ appeared first on Security Boulevard.
ELENOR-corp Ransomware Targets Healthcare Sector
ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools
In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure enterprise fell victim to a meticulously orchestrated attack involving multiple threat actors. The initial access broker, identified as “ToyMaker” with medium confidence as a financially motivated entity, exploited vulnerabilities in internet-facing servers to infiltrate the network. A Sophisticated Multi-Actor Attack on […]
The post ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining
In a startling revelation from Microsoft Threat Intelligence, threat actors are increasingly targeting unsecured Kubernetes clusters to conduct illicit activities such as cryptomining. The dynamic and complex nature of containerized environments poses significant challenges for security teams in detecting runtime anomalies or identifying the source of breaches. Rising Threats in Containerized Environments According to Microsoft’s […]
The post Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Знаете, что происходит с материей при абсолютном нуле? Спойлер: она отказывается играть по правилам
New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT
A recently uncovered cyberattack campaign has brought steganography back into the spotlight, showcasing the creative and insidious methods attackers employ to deliver malware. This operation, dubbed the “Stego-Campaign,” exploits a known Microsoft Office vulnerability, CVE-2017-0199, to initiate infections and ultimately deploy the notorious AsyncRAT malware. Innovative Attack Leverages Hidden Payloads in Images The vulnerability, first […]
The post New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
FBI: Cybercrime Losses Rocket to $16.6B in 2024
ARMO: io_uring Interface Creates Security ‘Blind Spot’ in Linux
Researchers from security firm ARMO developed a POC rootkit called Curing that showed how the io_uring interface in Linux could be exploited by bad actors to bypass system calls, creating what they calle a "massive security loophole" in the operating system's runtime security.
The post ARMO: io_uring Interface Creates Security ‘Blind Spot’ in Linux appeared first on Security Boulevard.
Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell
Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT. According to a detailed analysis by JPCERT/CC, these attacks underscore the persistent and evolving risks surrounding Ivanti products, which have become a frequent target for […]
The post Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns. According to research from Intezer, a cybersecurity firm that triages millions of alerts for enterprises globally, attackers are embedding malicious JavaScript within SVG files to redirect unsuspecting users to credential-harvesting phishing sites. This technique, dubbed “Script in the Shadows,” has proven […]
The post Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Ransomware attacks are rising — but quiet payouts could mean there’s more than actually reported
Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away. According to the annual report from the FBI’s Internet Crime Complaint Center (IC3), ransomware was the biggest threat to critical infrastructure last year, with complaints up 9%. More […]
The post Ransomware attacks are rising — but quiet payouts could mean there’s more than actually reported appeared first on Ransomware.org.
Frederick Health data breach impacts nearly 1 million patients
Новая атака на Linux: io_uring позволяет выполнять команды без системных вызовов
Alleged Leak of Data of Evilzone[.]st
Verizon 2025 DBIR: Third-party software risk takes the spotlight
It’s that time of year again: Verizon Business has released the 2025 edition of the Data Breach Investigations Report (DBIR), its 18th-annual report on cybercrime. The DBIR is famous for how well it captures the current state of things, analyzing tens of thousands of security incidents to understand the current threat landscape.
The post Verizon 2025 DBIR: Third-party software risk takes the spotlight appeared first on Security Boulevard.