GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware […]

The post New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ESET researchers have connections between the newly emerged ransomware-as-a-service (RaaS) group RansomHub and established ransomware gangs, including Play, Medusa, and BianLian. Emerging Threat Actor Connects Multiple Ransomware Operations The investigation centered on RansomHub’s custom EDR killer tool, EDRKillShifter, which has gained popularity among ransomware affiliates since its introduction in May 2024. The research team identified […]

The post New Research Links RansomHub’s EDRKillShifter to Established Ransomware Gangs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated phishing campaign targeting the hospitality industry has been uncovered, with threat actors impersonating Booking.com to gain access to hotel systems and customer data. Microsoft Threat Intelligence has attributed the ongoing attacks, which began in December 2024 and continued through February 2025, to a group known as Storm-1865. The campaign primarily targets North America, […]

The post Threat Actors Use Fake Booking.com Emails to Deceive Hotel Staff and Gain System Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent investigation by DomainTools Investigations (DTI) has uncovered a massive phishing infrastructure targeting defense and aerospace entities, particularly those linked to the conflict in Ukraine. This sophisticated campaign involves a network of mail servers supporting domains that mimic legitimate organizations, designed to steal critical credentials from employees in these sectors. The infrastructure relies on […]

The post Large-Scale Phishing Campaign Targets Defense and Aerospace Companies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new ransomware strain, PlayBoy LOCKER, has been identified targeting Windows, NAS, and ESXi systems. First discovered in September 2024 as a Ransomware-as-a-Service (RaaS) offering, the malware later had its full source code put up for sale in November, potentially enabling wider distribution by other threat actors. New Ransomware Strain Emerges with Multi-OS Capabilities The […]

The post PlayBoy Locker Ransomware Targets Windows, NAS, and ESXi Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Synology announced the discovery and resolution of a moderate-severity vulnerability in their Mail Server, which could allow remote authenticated attackers to tamper with non-sensitive system configurations. This issue, documented under CVE-2025-2848, highlights the importance of maintaining updated software to prevent unauthorized access to system settings. Details of the Vulnerability The vulnerability in Synology Mail Server, […]

The post Synology Mail Server Vulnerability Enables Remote System Configuration Tampering appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A major cybersecurity incident has struck the New South Wales court system, as cybercrime detectives investigate a significant data breach affecting the Department of Communities and Justice (DCJ). The breach targeted the NSW Online Registry Website (ORW), a critical platform that houses sensitive information related to both civil and criminal cases across the state. The […]

The post Massive Data Breach Hits NSW Online Registry: 9,000+ Files Stolen appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity threats continue to evolve, with malicious actors exploiting popular platforms like Google Ads to spread malware. Recently, a sophisticated campaign targeting DeepSeek users has been uncovered, highlighting the ongoing risks associated with sponsored search results. The Threat Landscape DeepSeek, a rising platform, has become a lure for cybercriminals who are using fake sponsored Google […]

The post Malicious Google Ads Target DeepSeek Users to Spread Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation lies in its exploitation of Rich Communication Services (RCS) and Apple’s iMessage protocol to circumvent […]

The post Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers at Bitdefender have uncovered a significant evolution in the tactics of the RedCurl threat group, marking their first foray into ransomware deployment. This new strain, dubbed QWCrypt, specifically targets Hyper-V servers, showcasing a sophisticated and highly targeted approach to cyberattacks. Novel Ransomware Strain Emerges The QWCrypt ransomware, previously undocumented, represents a departure from […]

The post RedCurl Unleashes New Ransomware Targeting Hyper-V Servers Exclusively appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

 The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN field. The vulnerability exploits a weakness in the Sitecore.Security.AntiCSRF module, enabling malicious actors to send […]

The post CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers at Zscaler ThreatLabz have identified a new sophisticated malware family called CoffeeLoader, which emerged around September 2024. This advanced loader employs numerous techniques to bypass security solutions and evade detection while delivering second-stage payloads, particularly the Rhadamanthys stealer. CoffeeLoader utilizes a specialized packer named Armoury that leverages the GPU to execute code, hindering […]

The post Advanced CoffeeLoader Malware Evades Security to Deliver Rhadamanthys Shellcode appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers at SentinelOne have discovered that ReaderUpdate, a macOS malware loader platform that has been active since at least 2020, has significantly evolved with new variants written in multiple programming languages. The malware, which previously went relatively unnoticed by many vendors, now includes versions written in Crystal, Nim, Rust, and most recently Go, in […]

The post New “ReaderUpdate” macOS Malware Evolves with Nim and Rust Variants appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments. This vulnerability allows for Remote Code Execution (RCE) through the validating webhook server integrated into Ingress-NGINX. A Proof of Concept (PoC) exploit has been released, demonstrating how attackers could exploit this flaw. CVE-2025-1974 affects versions of Ingress-NGINX […]

The post PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent discovery has revealed a potential supply chain attack vulnerability in GitHub’s CodeQL repositories, which could have led to wide-ranging consequences for hundreds of thousands of GitHub users. The exploit hinges on a publicly exposed secret found in a GitHub Actions workflow artifact, which, if utilized by an attacker, could allow malicious code execution […]

The post CodeQLEAKED: GitHub Supply Chain Attack Enables Code Execution via CodeQL Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate and scale credential stuffing attacks across more than 140 platforms. This multi-checker tool, designed to exploit stolen user credentials, has emerged as a formidable weapon in the cybercriminal arsenal, enabling attackers to test millions of […]

The post Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers Dylan Tran and Jimmy Bayne have unveiled a new fileless lateral movement technique that exploits trapped Component Object Model (COM) objects in Windows systems. This method, based on research by James Forshaw of Google Project Zero, allows attackers to execute .NET managed code in the context of a server-side Distributed COM (DCOM) process. […]

The post Hackers Exploit COM Objects for Fileless Malware and Lateral Movement appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a significant escalation of illicit activities, B1ack’s Stash, a notorious dark web carding marketplace, has announced plans to release an additional 4 million stolen credit card records for free. This move is part of a broader strategy to attract cybercriminals and establish credibility within the underground economy. The marketplace first gained attention in April […]

The post B1ack’s Stash Marketplace Actors Set to Release 4 Million Stolen Credit Card Records for Free appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating a significant evolution in the group’s tactics. Sophisticated Attack Leverages Youth Laptop Scheme The malicious […]

The post Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli and pro-Iranian hacktivist group “Cyber Av3ngers.” Technical Analysis Reveals Sophisticated Capabilities IOCONTROL employs advanced techniques […]

The post New IOCONTROL Malware Let Attackers Control Critical Infrastructure & Gain Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.