GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search engine results, pushing malicious websites to the top where unsuspecting users are likely to click. In recent years, this tactic, often known as SEO poisoning or black hat SEO, has seen cybercriminals hijack the reputation of legitimate websites to promote […]

The post Threat Actors Manipulate Search Results to Lure Users to Malicious Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with downloads that appear legitimate, including apps like Google Chrome. The sites are engineered with features […]

The post Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers are exploiting what’s known as “Dangling DNS” records to take over corporate subdomains, posing significant threats to organizations’ security frameworks. This attack vector has been increasingly noted by security teams, highlighting the need for constant vigilance in DNS configuration management. A New Threat Landscape Subdomain takeovers occur when a misconfigured or unused subdomain’s DNS […]

The post Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware, signaling its resurgence with attacks targeting Windows, Linux, and ESXi environments. HelloKitty ransomware, initially appearing in October 2020 as a fork of DeathRansom, has evolved significantly in its encryption methods. The ransomware now embeds an RSA-2048 public key, which is […]

The post HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of industries across the globe. In March 2025, this group alone managed to compromise 84 organizations, while new groups like Arkana and CrazyHunter have introduced sophisticated tools and strategies to intensify ransomware attacks. Sophistication in Attack Methods Ransomware groups in March […]

The post RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious endeavors. Email bombing, known also as a “spam bomb,” involves flooding a target’s email inbox with a massive volume of emails, overwhelming the recipient and disguising potential phishing or credential theft attempts. Understanding Email Bombing Email bombing works by attackers […]

The post Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Semiconductor companies, pivotal in the tech industry for their role in producing components integral to everything from consumer electronics to critical defense systems, are under siege from sophisticated cyber threats. These firms design, manufacture, and sell semiconductors, crucial elements with conductivity between that of a conductor and an insulator, and are prime targets for cybercriminals […]

The post Threat Actors Launch Active Attacks on Semiconductor Firms Using Zero-Day Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Enterprises are facing heightened cyber threats as attackers increasingly target network infrastructure, particularly routers, following a trend noted in Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices. The Forescout report reveals a significant shift in the cybersecurity landscape, where routers have now surpassed traditional endpoints as the primary target for cyberattacks. This […]

The post Hackers Exploit Router Flaws in Ongoing Attacks on Enterprise Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are using open-source software (OSS) repositories to install malicious code into trusted applications, particularly targeting cryptocurrency software. The ReversingLabs (RL) research team has identified a pattern where attackers upload seemingly legitimate packages to repositories like npm, which then inject malicious “patches” into users’ local installations of crypto wallet software. Hijacking Open Source Packages […]

The post Threat Actors Exploit Legitimate Crypto Packages to Deliver Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The notorious Tycoon 2FA phishing kit continues its evolution with new strategies designed to slip past endpoint detection systems. This development was highlighted in a recent analysis, showcasing several sophisticated techniques aimed at thwarting detection and analysis. Obfuscation with Invisible Unicode Characters and Proxies Tycoon 2FA’s latest iteration has introduced an obfuscation method using invisible […]

The post Tycoon 2FA Phishing Kit Uses Advanced Evasion Techniques to Bypass Endpoint Detection Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

INE Security Highlights How Practical, immersive training environments help defense contractors meet DoD cybersecurity requirements Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security, a leading global provider of cybersecurity training and certifications, is highlighting how hands-on cybersecurity labs […]

The post Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten new Industrial Control Systems (ICS) advisories to address critical vulnerabilities and exploits that could impact key industrial systems. Released on April 10, 2025, these advisories provide crucial insights into ongoing cybersecurity risks, helping industries mitigate threats and protect critical infrastructure. The advisories highlight a range […]

The post CISA Issues 10 ICS Advisories Addressing Critical Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sensata Technologies Holding PLC, a global leader in sensor solutions and electrical protection, is currently grappling with the fallout of a ransomware attack that has disrupted its operations and compromised sensitive files. The breach, first reported on April 6, 2025, has temporarily impacted critical business functions, including manufacturing, shipping, and support services, as indicated in […]

The post Sensata Technologies Breached: Ransomware Attack Key Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity experts at Sublime have uncovered a complex malware campaign revolving around TROX Stealer, an information stealer that employs urgency to deceive victims. This malware, first detected in December 2024, highlights an intricate attack chain designed to extract sensitive data from everyday consumers. TROX Stealer’s success hinges on the psychological tactic of urgency, prompting victims […]

The post TROX Stealer Harvests Sensitive Data Including Stored Credit Cards and Browser Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries. This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail sectors. Expansion of Phishing Operations Recent data from server logs analyzed by Silent Push reveal […]

The post Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware. The vulnerability resides in TCP port 6998 and impacts end-of-life (EOL) devices running vulnerable CWMP services. Vulnerability Overview The issue stems from improper input sanitization in the […]

The post Calix Devices Vulnerable to Pre-Auth RCE on Port 6998, Root Access Possible appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has fortified its Exchange Server and SharePoint Server security by integrating advanced Antimalware Scan Interface (AMSI) capabilities. This measure, aimed at countering sophisticated attack vectors, represents a crucial step to safeguard on-premises infrastructure that serves as the backbone of many organizations worldwide. Why AMSI Integration Matters Exchange and SharePoint Servers are critical assets for […]

The post Microsoft Boosts Exchange and SharePoint Security with Updated Antimalware Scan appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability in AMD CPUs has been uncovered, enabling attackers with administrative privileges to bypass microcode signature verification and execute malicious code. Designated as CVE-2024-36347 (CVSS score: 6.4, Medium), the flaw impacts multiple generations of AMD EPYC™ server processors and select consumer Ryzen™ chips. Vulnerability Overview Google researchers identified a weakness in AMD’s microcode patch verification algorithm, […]

The post AMD CPU Signature Verification Vulnerability Enables Unauthorized Microcode Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack vectors. A Vulnerability Unearthed The research, published by Hackmosphere, sheds light on how weaknesses in […]

The post Researchers Exploit Windows Defender with XOR and System Calls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7 vulnerability team, have provided a detailed breakdown of how the flaw was exploited and what […]

The post Ivanti 0-Day RCE Flaw Exploitation Details Revealed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.