GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A recent cybersecurity threat has emerged in the form of a steganographic campaign that uses seemingly harmless JPG files to distribute multiple types of malware, including password stealers like Remcos and AsyncRAT. This sophisticated attack begins with a phishing email containing a malicious Excel document that exploits a known vulnerability, CVE-2017-0199, to initiate the infection […]

The post New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent discovery by Palo Alto Networks’ Unit 42 has shed light on sophisticated malware targeting Internet Information Services (IIS) servers. This malware, developed in C++/CLI, a rare choice for malware authors, has been designed to mimic the behavior of cmd.exe to evade detection. The malware operates as a passive backdoor, integrating itself into the […]

The post New C++-Based IIS Malware Mimics cmd.exe to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In recent security research, vulnerabilities in the Kentico Xperience CMS have come to light, highlighting significant risks for users who rely on this Content Management System (CMS). Specifically, two primary issues were identified: an Authentication Bypass vulnerability and a Post-Authentication Remote Code Execution (RCE) vulnerability. These vulnerabilities, collectively forming a powerful exploit chain, allow attackers to gain full control […]

The post Kentico Xperience CMS Vulnerability Enables Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability, identified as CVE-2025-24016, has been discovered in the Wazuh Security Information and Event Management (SIEM) platform. This vulnerability affects versions 4.4.0 to 4.9.0 and allows attackers with API access to execute arbitrary Python code remotely, potentially leading to complete system compromise. The flaw stems from the unsafe deserialization of Distributed API (DAPI) […]

The post Wazuh SIEM Vulnerability Enables Remote Malicious Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A series of vulnerabilities has been discovered in Espressif Systems’ ESP32 devices, specifically affecting the BluFi module within the ESP-IDF framework. BluFi is designed to simplify WiFi configuration using a Bluetooth interface. These flaws, identified by the NCC Group, enable attackers to execute arbitrary code on ESP32 devices and potentially access sensitive information such as […]

The post Espressif Systems Flaws Allow Hackers to Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat, identified as CVE-2025-24813. This vulnerability allows for remote code execution, potentially allowing hackers to hijack servers running Apache Tomcat. The exploitation of this vulnerability is a serious concern, as it could lead to widespread unauthorized access and malicious activities on […]

The post Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apple has announced the integration of end-to-end encryption (E2EE) for Rich Communication Services (RCS) on iPhones. This development follows the introduction of RCS in iOS 18, marking a new era in mobile messaging with enhanced privacy and security features. The GSMA, a key organizer behind this technology, has released new specifications incorporating E2EE based on […]

The post Apple Introduces RCS End-to-End Encryption for iPhone Messages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to […]

The post Adobe Acrobat Vulnerabilities Enable Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity experts have uncovered how hackers use Cascading Style Sheets (CSS) to deceive spam filters and monitor user behavior. This sophisticated technique allows malicious actors to remain under the radar while gaining insights into user preferences and actions. The abuse of CSS for both evasion and tracking poses substantial threats to privacy and security. The […]

The post Hackers Use CSS Tricks to Bypass Spam Filters and Monitor Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control over the system. This exploit allows unauthorized users to access the root shell credentials, giving them unrestricted access to manipulate and control the router. Here is a summary of the affected product and how the vulnerability can be exploited: Affected […]

The post Hackers Target TP-Link Vulnerability to Gain Full System Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack utilizes multiple stages of obfuscation, including encrypted payloads and COM object manipulation, to ultimately deploy miners for various cryptocurrencies including Monero, Ravencoin, and several others. This previously unreported exploitation method demonstrates how threat actors […]

The post Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and users. While its scalability and integration capabilities make it a powerful tool for organizations, its misuse by adversaries for malicious purposes such as data exfiltration and phishing has raised significant security concerns. This article delves […]

The post AWS SNS Exploited for Data Exfiltration and Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent alert from the Akamai Security Intelligence and Response Team (SIRT) has highlighted the exploitation of a severe command injection vulnerability in Edimax Internet of Things (IoT) devices. This vulnerability, designated as CVE-2025-1316, has been actively used by multiple botnets to spread Mirai malware. Mirai is notorious for compromising IoT devices and orchestrating distributed […]

The post Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks.  The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing […]

The post Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The increasing popularity of generative artificial intelligence (GenAI) tools, such as OpenAI’s ChatGPT and Google’s Gemini, has attracted cybercriminals seeking to exploit these technologies for malicious purposes. Despite the guardrails implemented by traditional GenAI platforms to prevent misuse, cybercriminals have circumvented these restrictions by developing their own malicious large language models (LLMs), including WormGPT, FraudGPT, […]

The post DeepSeek R1 Jailbreaked to Create Malware, Including Keyloggers and Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most leading AI systems. In a technical blog post published on March 13, 2025, Microsoft’s Mark Russinovich detailed the “Context Compliance Attack” (CCA), which exploits the common practice of relying on client-supplied conversation history. The attack proves effective against numerous major […]

The post New Context Compliance Exploit Jailbreaks Major AI Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated attacks have been reported to facilitate the spread of malware, including the LazarLoader variant, and utilize privilege escalation tools to gain extensive control over infected systems. The Lazarus group, associated with North Korean actors, has […]

The post Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been identified in the ruby-saml library, a popular tool used for Single Sign-On (SSO) via Security Assertion Markup Language (SAML) on the service provider side. The vulnerabilities, designated as CVE-2025-25291 and CVE-2025-25292, allow attackers to bypass authentication and conduct account takeover attacks if they possess a valid signature created with […]

The post Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Threat Intelligence has identified an ongoing phishing campaign that began in December 2024, targeting organizations in the hospitality industry by impersonating the online travel agency Booking.com. The campaign, tracked as Storm-1865, employs a sophisticated social engineering technique called ClickFix to deliver credential-stealing malware designed to conduct financial fraud and theft. This attack specifically targets […]

The post Ongoing Cyber Attack Mimic Booking.com to Spread Password-Stealing Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest request, and he is currently awaiting extradition to the United States. This action marks a […]

The post U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.