Aggregator
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Threat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named “card_detail_20250610.html.lnk,” cleverly disguises itself as a legitimate HTML document from a financial institution, exploiting user trust in routine security procedures. Historically, these actors relied on PowerShell scripts for keylogging […]
The post Malicious LNK File Posing as Credit Card Security Email Steals User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
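AI no longer learns from Kenyans paid $2 an hour. Now it needs physicists and programmers
[Critical-Period Security Assurance Intelligence Briefing] 2025-07-22
[Critical-Period Security Assurance Intelligence Briefing] 2025-07-23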
GitLab security advisory (AV25-445)
Lumma Stealer Masquerades as Pirated Apps to Steal Logins and Data
Lumma Stealer, a notorious information-stealing malware-as-a-service (MaaS) platform, has swiftly reemerged after a coordinated global law enforcement operation in May 2025. The U.S. Department of Justice, alongside international partners, seized approximately 2,300 malicious domains integral to Lumma’s command-and-control (C&C) infrastructure, including administrative login panels. This disruption severed connections between infected endpoints and exfiltration servers, temporarily […]
The post Lumma Stealer Masquerades as Pirated Apps to Steal Logins and Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Google Chrome security advisory (AV25-444)
Hackers found a loophole in Windows that was considered safe, and now it gives them access to everything
Synology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious Code
Synology has issued an urgent security advisory addressing critical vulnerabilities in its BeeDrive desktop application for Windows that could allow attackers to execute malicious code and delete arbitrary files. The company disclosed three separate Common Vulnerabilities and Exposures (CVE) identifiers on July 22, 2025, all classified with “Important” severity ratings, prompting immediate user action to […]
The post Synology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Ransomware Gangs Leveraging RMM Tools to Attack Organizations and Exfiltrate Data
Remote Monitoring and Management (RMM) software has long been the silent partner of help-desk engineers, automating patch cycles and troubleshooting sessions across sprawling enterprises. Over the past year, however, the same remote consoles have been quietly repurposed by ransomware gangs that crave the built-in trust, elevated privileges, and encrypted tunnels these tools provide. By masquerading […]
The post Ransomware Gangs Leveraging RMM Tools to Attack Organizations and Exfiltrate Data appeared first on Cyber Security News.
Afraid to call the clinic? Google has rolled out an AI servant that will do everything for you
New ZuRu Malware Variant Targets macOS via Termius SSH Exploit
A sophisticated new variant of the macOS.ZuRu malware, originally identified in 2021, has resurfaced, employing a trojanized version of the Termius SSH client to deploy a modified Khepri command-and-control (C2) beacon. This iteration, detected in late May 2025, demonstrates advanced evasion techniques aimed at developers and IT professionals, facilitating persistent remote access while circumventing macOS […]
The post New ZuRu Malware Variant Targets macOS via Termius SSH Exploit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Beating Supply Chain Attacks: DHL Impersonation Case Study
ANY.RUN’s services process data on current threats daily, including attacks affecting supply chains. In this case study, we analyze examples of DHL brand abuse. The company is a leading global logistics operator, and attackers exploit its recognition to send phishing emails, potentially targeting its partners. We will demonstrate how ANY.RUN’s solutions can be used to […]
The post Beating Supply Chain Attacks: DHL Impersonation Case Study appeared first on ANY.RUN's Cybersecurity Blog.
Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers
The Clorox Company, a leading household goods manufacturer, has filed a $380 million lawsuit against IT services provider Cognizant Technology Solutions. The lawsuit accuses Cognizant’s help-desk agents of inadvertently providing hackers with access to Clorox’s network during a security breach in August 2023. This intrusion severely disrupted operations and led to months of product shortages. […]
The post Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers appeared first on Cyber Security News.
Suspected XSS Forum Admin Arrested in Ukraine
New York unveils new cyber regulations, $2.5 million grant program for water systems
Maximum severity Cisco ISE vulnerabilities exploited by attackers
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the flaws.
About the vulnerabilities
The three vulnerabilities affect Cisco’s Identity Services Engine (ISE) – a network security policy and access control system for enterprises – and Cisco ISE Passive Identity Connector (ISE-PIC), which is a lightweight identity service that allows Cisco ISE to passively gather user identity information. CVE-2025-20281 …
The post Maximum severity Cisco ISE vulnerabilities exploited by attackers appeared first on Help Net Security.