GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign represents a shift toward stealthier and more sophisticated tactics in open-source exploitation. Sophisticated Supply Chain […]

The post Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked as UNC6293. Active from at least April through early June 2025, this campaign specifically targeted prominent academics and critics of Russia. GTIG assesses with low confidence that UNC6293 is associated […]

The post Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics – Google appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems. Security researchers report that the attack begins with a convincingly crafted invoice-themed spam email, designed to trick recipients into opening a malicious PDF attachment. This campaign highlights the ongoing threat of social engineering tactics and […]

The post LogMeIn Remote Access Abused in Targeted System Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A groundbreaking detection technique called Jitter-Trap has been unveiled by Varonis Threat Labs, promising to revolutionize how organizations identify one of the most elusive stages in the cyberattack lifecycle: post-exploitation and command-and-control (C2) communication. This method leverages the very randomness that threat actors use to evade detection, turning a classic evasion tactic into a powerful detection tool1. […]

The post Jitter-Trap: New Method Uncovers Stealthy Beacon Communications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices poses a significant risk to enterprise networks, enabling unauthenticated attackers to disrupt remote access by triggering denial-of-service (DoS) conditions. The flaw, tracked as CVE-2025-20271, carries a high CVSS score of 8.6, underscoring its potential to impact organizations that rely […]

The post Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Thai authorities have dismantled a sophisticated criminal enterprise operating from the eight-storey Antai Holiday Hotel in Pattaya, unearthing both a high-stakes gambling den and a cybercrime ring specializing in ransomware attacks. The raid, conducted at 11:30 p.m. on June 16, followed intelligence reports of suspicious activity and heavy foreign presence at the hotel, particularly during […]

The post Ransomware Gang Busted by Authorities; Devices and Evidence Seized appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed vulnerability in Apache Traffic Server (ATS) has raised serious concerns among enterprise users and cloud providers, as attackers can exploit a flaw in the Edge Side Includes (ESI) plugin to trigger denial-of-service (DoS) attacks by exhausting server memory. The vulnerability, tracked as CVE-2025-49763, affects multiple versions of ATS and has prompted urgent […]

The post Apache Traffic Server Vulnerability Allows DoS Attacks Through Memory Exhaustion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, posing a significant security threat to websites deployed using the Cloudflare adapter for Open Next. The flaw, now tracked as CVE-2025-6087, allows unauthenticated attackers to proxy arbitrary remote content through the vulnerable site’s domain, posing significant risks of phishing, data exposure, […]

The post Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability known as Password Reset Link Poisoning has recently come under the spotlight, exposing web users and organizations to the risk of full account takeover. This flaw, which leverages Host Header Injection, enables attackers to manipulate the domain in password reset links, redirecting users to malicious sites and capturing sensitive reset tokens in the process, […]

The post Password Reset Link Poisoning Leads to Full Account Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT) campaign against Windows and MacOS devices, a concerning development discovered by Cisco Talos in May 2025. This group, suspected to comprise multiple coordinated entities, has introduced a Python-based variant dubbed “PylangGhost” alongside the previously documented […]

The post Chollima Hackers Target Windows and MacOS with New GolangGhost RAT Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The People’s Liberation Army (PLA) of China has adopted generative artificial intelligence (AI) to revolutionize its intelligence capabilities, marking a major step in modernizing military operations. According to recent analyses, the PLA has shown a clear intent to integrate generative AI, leveraging advanced large language models (LLMs) to enhance tasks such as data processing, intelligence […]

The post AI Revolutionizes PLA Military Intelligence with Rapid Deployment Across Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Russia’s sophisticated cyber warfare strategy emerges as a calculated blend of state power and non-state agility, leveraging private companies, hacktivists, and criminal proxies to amplify its digital dominance. The roots of this hybrid model trace back to the collapse of the Soviet Union in 1991, when economic turmoil and institutional breakdown created a lawless digital […]

The post Russia’s Digital Arsenal: The Strategic Use of Private Companies and Hacktivists in Cyber Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Halo Security’s Attack Surface Management Platform Honored for Exceptional Innovation and Successful Deployment Through The Channel Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live […]

The post Halo Security Honored with 2025 MSP Today Product of the Year Award appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly identified malware strain, dubbed LightPerlGirl, has emerged as a significant cybersecurity threat, leveraging deceptive fake CAPTCHA popups to infiltrate systems. Named after its internal copyright signature “Copyright (c) LightPerlGirl 2025,” which includes Russian-language strings, this malware is propagated through a cunning social engineering tactic known as the ClickFix attack. New Malware Campaign Exploits […]

The post Beware: Fake CAPTCHA Windows Stealthily Install LightPerlGirl Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

F6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent attacks recorded in Russia. Initially detected in Europe during spring 2025, where it struck clients of European banks, this malware surfaced in Russia by May […]

The post SuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent vulnerability has been discovered in the Zyxel NWA50AX Pro, a WiFi 6 access point for small businesses, exposing it to an n-day flaw that allows arbitrary file deletion via a misconfigured CGI endpoint. This issue, tracked as CVE-2024-29974, highlights the risks of shared codebases and incomplete patching in embedded devices. Discovery and Technical […]

The post Zyxel NWA50AX Pro Hit by N-Day Flaw Allowing Arbitrary File Deletion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mobile wallets like Apple Pay and Google Pay (GPay) have revolutionized the way we pay, offering speed and convenience that traditional cards can’t match. But as recent research and real-world incidents show, these digital wallets are not immune to attack. In fact, some of their most convenient features—like Express Transit mode—are now being exploited by […]

The post Hackers Exploit Transit Mode in Apple Pay and GPay to Steal Money appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced a significant enhancement to its Office 365 Defender suite with the introduction of Mail Bombing Detection, a new feature designed to combat the rising threat of email bombing attacks. This capability will be rolled out globally, starting in late June 2025, and is expected to reach all customers by late July 2025. […]

The post Microsoft Enhances Office 365 Defender to Stop Email Bombing Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Sysdig TRT has uncovered critical vulnerabilities in the GitHub Actions workflows of several high-profile open source projects, including those maintained by MITRE and Splunk. GitHub Actions, a popular platform for automating CI/CD pipelines, offers immense flexibility for developers but also harbors significant security risks when improperly configured. High-Profile Projects Compromised The Sysdig TRT’s proactive […]

The post MITRE and Splunk Expose Critical Vulnerabilities in Open Source GitHub Actions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The RapperBot botnet has resurfaced with unprecedented aggression, targeting network edge devices in a staggering series of over 50,000 attacks. Identified and detailed by researchers at Qianxin XLab, this botnet represents a sophisticated threat to Internet of Things (IoT) ecosystems, exploiting vulnerabilities in devices such as routers, IP cameras, and other connected hardware. New Wave […]

The post RapperBot Botnet Surges with 50,000+ Attacks Targeting Network Edge Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.