Aggregator

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it tracks

Trustwave SpiderLabs has played a crucial role in monitoring new ransomware variants in the incredibly unstable ransomware threat landscape of 2025, where dozens of new groups have emerged and caused extensive disruptions across multiple sectors. Among these, the KAWA4096 ransomware has been identified as a notable newcomer, first detected in June 2025. This strain has […]

The post KAWA4096 Ransomware Employs WMI Techniques to Delete Backup Snapshots appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Telegram Scrapper 2.0: A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library

The founders of Indian cryptocurrency exchange CoinDCX said no customer funds were affected in a more than $40 million theft from reserves.

Компания выпустила бесплатный декриптор для жертв шифровальщика.

Threat actors are increasingly adopting AI-powered cloaking services to obfuscate phishing domains, counterfeit e-commerce sites, and malware distribution endpoints from automated security scanners. This technique, known as cloaking, involves dynamically serving innocuous “white pages” to detection mechanisms while directing legitimate users to malicious “black pages.” Leveraging advancements in JavaScript fingerprinting, machine learning algorithms, and behavioral […]

The post AI-Powered Cloaking Tools Help Threat Actors Hide Malicious Domains from Security Scans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

W3b0s1nt (WebOSINT): A Python script for passive Domain Intelligence gathering

New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Denis Kulik and Daniil Pogorelov said. "One of the C2s [command-and-control servers] was a captive

У вас Android и карта под рукой? Тогда вы идеальная жертва новой схемы.

Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier.

Arch Linux 项目发出安全警告，7 月 16 日晚 8 点左右（UTC+2）一个恶意软件包上传到了 Arch User Repository(AUR)，几个小时后同一位用户又上传了两个恶意包，这些软件包会安装来自同一个 GitHub 库的脚本，该脚本被识别为 RAT（远程访问木马）。三个恶意软件包都与 Firefox 或其分支相关： librewolf-fix-bin，firefox-patch-bin，zen-browser-patched-bin。开发者建议如果安装了这些恶意软件包，立即清除并采取安全防御措施。Reddit 用户随后报告了更多的恶意 AUR 包，相关软件包在被举报之后迅速移除了。

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]

Traditional security testing tools can’t keep pace with modern threats—or prove which vulnerabilities truly matter. Discover how Adversarial Exposure Validation (AEV) bridges the gap by continuously simulating real-world attacks to reveal exploitable exposures, prioritize risk, and empower smarter security decisions. Learn why AEV is the missing link in your CTEM strategy and how BreachLock is leading the way.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability, which was classified as problematic, has been found in WP-Members Plugin up to 3.5.4.1 on WordPress. Affected by this issue is the function wpmem_login_link of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7495. The attack may be launched remotely. There is no exploit available.