Aggregator

A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications.

As the state responded to a pro-Iranian attack, officials tell CyberScoop that it avoided reaching out to the federal agency, partly because it has been “politicized and weakened” under the president.

The post After website hack, Arizona election officials unload on Trump’s CISA appeared first on CyberScoop.

The popular file transfer company CrushFTP has discovered a previously unknown vulnerability being exploited by hackers.

A new wave of cyber-attacks has emerged, exploiting Windows shortcut files (.LNK) combined with legitimate system utilities collectively known as Living-off-the-Land Binaries and Scripts (LOLBin/S) to deliver the DeerStealer infostealer through highly obfuscated multi-stage chains. Recent campaigns begin with phishing emails or fraudulent file shares containing weaponized .LNK files camouflaged as seemingly benign documents, often […]

The post DeerStealer Malware Spread Through Weaponized .LNK and LOLBin Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новое исследование предлагает реалистичную модель для космических условий.

Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped […]

The post Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, was found in LedgerSMB. Affected is an unknown function. The manipulation leads to clickjacking. This vulnerability is traded as CVE-2021-3731. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LedgerSMB. It has been rated as problematic. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2021-3693. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in LedgerSMB. This affects an unknown part of the component Error Message Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-3694. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

An developer recently came across a highly advanced phishing email that spoofs the [email protected] address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly typosquatted to mimic npmjs.com by swapping ‘m’ for ‘n’. This fake site hosted a complete clone or proxy […]

The post Beware of npm Phishing Emails Targeting Developer Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...]

A targeted attack against a U.S.-based certified public accounting firm was discovered in May 2025 by cybersecurity experts, according to a recent study described in eSentire’s Threat Response Unit (TRU) Positives report. The campaign leveraged a novel crypter named “Ghost Crypt” to deliver PureRAT, a Remote Access Trojan (RAT) that has surged in prevalence throughout […]

The post Cybercriminals Use Zoho WorkDrive Folders to Spread Obfuscated PureRAT Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Сверхчистые наночастицы подготавливают поле для цифровых органов чувств.

For the latest discoveries in cyber research for the week of 21st July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Luxury retailer Louis Vuitton has suffered a cyber-attack that resulted in the exfiltration of certain personal data of customers from the UK, South Korea, Turkey, Italy, and Sweden after unauthorized access to […]

The post 21st July – Threat Intelligence Report appeared first on Check Point Research.

FortiGuard Labs has discovered a sophisticated new ransomware strain called NailaoLocker that represents a significant departure from conventional encryption malware. This Windows-targeting threat introduces the first documented use of China’s SM2 cryptographic standard in ransomware operations, marking a notable shift toward region-specific cryptographic implementations in cybercriminal activities. The malware’s name, derived from the Chinese word […]

The post NailaoLocker Ransomware Attacking Windows Systems Using Chinese SM2 Cryptographic Standard appeared first on Cyber Security News.

Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in the African region, marking a notable escalation in the group’s activity on the continent, which had previously seen minimal incidents from this actor. The attackers embedded hardcoded names of internal services, IP addresses, and proxy […]

The post APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater  (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in […]

Former Hunters International ransomware gang, now World Leaks, claims 1.3 TB Dell data breach, leaking over 400K files with internal tools and user data.