GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate their intrusion capabilities and carry out coordinated strikes effectively. PowerModul and Initial Infection Vectors PowerModul […]

The post GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches and routers via exposed Smart Install Client services, enabling configuration theft, credential harvesting, and firmware […]

The post A Seven‑Year‑Old Cisco Flaw Now Lets Hackers Execute Code Remotely on Network Gear appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RansomHub, a leading Ransomware-as-a-Service (RaaS) group that emerged in early 2024, has found itself grappling with internal turmoil. The instability came to light on April 1st, 2025, when several of its client chat portals, critical for ransomware negotiations, went offline, signaling potential internal strife. Affiliate Confusion and Infrastructure Breakdown RansomHub’s affiliates, who had been promised […]

The post RansomHub RaaS in Disarray After Affiliate Chat Access Suddenly Revoked appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm. According to the Report, the operation cunningly disguises a malicious payload as a mundane HR memo. The threat actor begins its attack with a fraudulent email, […]

The post Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Cloud announced the launch of a pioneering open protocol named Agent2Agent (A2A), aiming to revolutionize how AI agents interact and automate complex enterprise workflows. Developed in collaboration with over 50 technology partners including Atlassian, Box, Cohere, and Salesforce, A2A promises to facilitate seamless agent-to-agent communication, task management, and collaboration. A2A is designed to overcome […]

The post Google Introduces A2A Protocol, Empowering AI Agents to Team Up and Automate Workflows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics The malware spreads […]

The post Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team has meticulously analyzed this incident, which began its nefarious spread in mid-September 2024, resulting in a targeted assault on various Chinese […]

The post APT32 Turns GitHub into a Weapon Against Security Teams and Enterprise Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000 websites. It leverages both CAPTCHA evasion techniques and network detection evasion to elude website security […]

The post AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new vulnerability has been discovered in the Microsoft.Identity.Web NuGet package under specific conditions, potentially exposing sensitive information such as client secrets and certificate details in service logs. The flaw, identified as CVE-2025-32016, has been rated as moderate, prompting developers to urgently address the issue to prevent unintended data exposure. Overview of the Vulnerability: The vulnerability […]

The post Microsoft Identity Web Flaw Exposes Sensitive Client Secrets and Certificates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware, also known as CatB99 or Baxtoy. First identified in late 2022, this strain has caught the eye of security analysts due to its sophisticated evasion techniques and its potential connection to established ransomware families. There’s speculation within the security community that […]

The post CatB Ransomware Abuses Microsoft Distributed Transaction Coordinator for Stealthy Payload Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a major victory against cybercrime, law enforcement agencies across North America and Europe have dismantled the infrastructure behind the Smokeloader malware, a notorious pay-per-install (PPI) botnet service. This decisive action, a continuation of the groundbreaking Operation Endgame from May 2024, marks yet another blow to the global malware ecosystem. The Smokeloader botnet, operated by […]

The post Smokeloader Malware Operators Busted, Servers Seized by Authorities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate system memory, escalate privileges, or access sensitive information. CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability The […]

The post CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to unpatched systems. The vulnerability, CVE-2025-0128, enables unauthenticated attackers to disrupt network operations by sending a single […]

The post PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for the long term. Post-Quantum Cryptography for a More Secure Future In a major step forward […]

The post Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated new red team technique dubbed “RemoteMonologue” has emerged, enabling attackers to remotely harvest NTLM credentials without deploying malicious payloads or accessing the Local Security Authority Subsystem Service (LSASS). As traditional methods of credential theft face increasing scrutiny from advanced security measures and Endpoint Detection and Response (EDR) solutions, this technique represents a significant […]

The post ‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide enhanced protection and functionality for users worldwide. Key Security Improvements The OpenSSH 10.0 release introduces […]

The post OpenSSH 10.0 Released: New Protocol Changes and Key Security Improvements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this community, which has been a pioneer in cybercriminal innovation. Sophisticated Tools and Techniques The Russian-speaking […]

The post Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of crucial sectors like railways, oil & gas, and external affairs ministries into their cyber activities. […]

The post SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a legitimate authentication mechanism—to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence researchers, alongside […]

The post Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic, costing businesses millions. This type of fraud involves artificially triggering SMS verification requests by creating numerous synthetic identities or using automated bots, thereby inflating the SMS traffic to exploit billing systems. Mechanics of SMS Pumping Fraudsters initiate this scam by […]

The post Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.