Category: gbhackers
-
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install…
-
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the…
Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server…
-
Amazon Reveals Technical Fault Behind Widescale AWS Service Outage
Amazon Web Services experienced a major outage that affected millions of customers and Amazon’s own operations on October 19 and 20, 2025. The company has…
-
LockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing Attacks
After months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new…
-
Telegram Messenger Abused by Android Malware to Seize Full Device Control
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and…
-
Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program
A major cybersecurity investigation has uncovered a sophisticated criminal operation called Vault Viper that exploits online gambling platforms to distribute a malicious custom browser…
-
Google Warns of Cybercriminals Using Fake Job Postings to Spread Malware and Steal Credentials
Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated social engineering campaign orchestrated by financially motivated threat actors based in Vietnam. The ultimate objective…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the…
-
Phishing Campaign Uses Unique UUIDs to Evade Secure Email Gateways
A sophisticated new phishing attack discovered in early February 2025 is successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses through an ingenious…
-
Ransomware Actors Targeting Global Public Sectors and Critical Infrastructure
The public sector faces an unprecedented cybersecurity crisis as ransomware actors intensify their assault on government entities worldwide. According to Trustwave’s SpiderLabs research team,…
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE Flaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as…
-
Toys “R” Us Canada Data Breach Exposes Customer Personal Information
Toys “R” Us Canada has alerted its customers to a significant data breach that may have compromised personal information. The company sent notification emails to…
-
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability….
-
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft…
-
OpenAI Faces DHS Request to Disclose User’s ChatGPT Prompts in Investigation
Over the past year, federal agents struggled to uncover who operated a notorious child exploitation site on the dark web. Their search took an unexpected…
-
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with…
-
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly…
-
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR…
-
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing…
-
Millions of Credentials Stolen Each Day by Stealer Malware
The cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks….
-
New Rust Malware “ChaosBot” Hides Command-and-Control Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average…
-
New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading
Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors…
-
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable…
-
AWS Resolves Major Outage After Nearly 24 Hours of Service Disruption
Amazon Web Services experienced a significant service disruption in its US-EAST-1 region that lasted nearly 24 hours, affecting over 140 services and causing widespread…
-
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed a sophisticated attack campaign…
-
AdaptixC2 Emerges in npm Supply-Chain Exploit Against Developers
Cybersecurity researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting the npm ecosystem, where threat actors distributed the AdaptixC2 post-exploitation framework through…
-
CISA Warns of Oracle E-Business Suite SSRF Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle E-Business Suite vulnerability to its Known Exploited Vulnerabilities catalog after detecting active…
-
Massive AWS Outage Halt The Internet – Disrupting Snapchat, Prime Video, Canva, and More
A catastrophic Amazon Web Services (AWS) outage struck on October 20, 2025, bringing down major platforms like Snapchat, Amazon Prime Video, and Canva, and…
-
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome…
-
PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation
A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions….
-
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government…
-
Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode
Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards and mice useless within…
-
Authorities Shut Down Cybercrime-as-a-Service, Seize 40,000 SIM Cards
Law enforcement authorities across Europe have dismantled a sophisticated cybercrime-as-a-service operation that enabled criminals to commit widespread fraud and other serious offenses across the…
-
Critical Zimbra SSRF Flaw Exposes Sensitive Data
Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to access sensitive data…
-
Microsoft Windows 11 October Update Disrupts Localhost (127.0.0.1) Connectivity
Microsoft’s October 2025 Windows 11 update has introduced an unexpected connectivity issue affecting developers and IT professionals worldwide. The security patch KB5066835, released on…
-
WatchGuard VPN Flaw Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability has been discovered in WatchGuard Firebox appliances that could allow remote attackers to execute arbitrary code without authentication. The flaw, identified…
-
Attackers Exploit Zendesk Authentication Issue to Flood Targets’ Inboxes with Corporate Notifications
Cybercriminals have discovered a gap in Zendesk’s ticket submission process and are using it to bombard victims with waves of misleading support messages. When configured…
-
TikTok Videos Weaponized to Deliver Self-Compiling PowerShell Malware
Attackers are exploiting TikTok’s massive reach to trick users into executing malware through seemingly innocuous videos. In one popular TikTok video (liked over 500…
-
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing…
-
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check…
-
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software…
-
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense…
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their…
-
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers. This critical flaw, tracked…
-
Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users
The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the…
-
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists…
-
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign…
-
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to…
-
Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects…
-
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws…
-
Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious…
-
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability,…
-
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498,…
-
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP…
-
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package installation, but by abusing…
-
Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning legitimate-looking landing pages, these…
-
SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches…
-
North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and freelance marketplaces by exploiting…
-
North Korean Hackers Target Developers with 338 Malicious Software Packages
North Korean threat actors have escalated their Contagious Interview campaign, deploying 338 malicious npm packages with over 50,000 downloads to target cryptocurrency and blockchain…
-
Microsoft Finally Resolves Persistent Windows 11 ‘Update and Shut Down’ Glitch
Microsoft has successfully addressed one of Windows 11’s most frustrating issues with its latest preview builds, finally fixing the notorious “update and shut down”…
-
Happy DOM Flaw Allows Remote Code Execution Affecting 2.7 Million Users
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927,…
-
WhatsApp Worm Targets Users with Banking Malware, Steals Login Information
Cybersecurity researchers have uncovered a sophisticated new campaign targeting WhatsApp users in Brazil with self-propagating malware designed to steal banking credentials and cryptocurrency exchange…
-
Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder
Spanish law enforcement recently dismantled an advanced AI-driven phishing network and arrested the mastermind developer known as “GoogleXcoder.” This operation marks a significant victory in…
-
New Stealit Malware Exploits Node.js Extensions to Target Windows Systems
Security researchers have identified a new, active campaign of the Stealit malware that uses an experimental Node.js feature to infect Windows systems. According to…
-
Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands
Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch…
-
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve…
-
LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code
LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our…
-
RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers
The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for…
-
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined…
-
ClayRat Android Malware Masquerades as WhatsApp & Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique…
-
Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read…
-
Hackers Targeting WordPress Plugin Vulnerability to Seize Admin Access
A critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation…
-
Hackers Enhance ClickFix Attack Using Cache Smuggling to Stealthily Download Malicious Files
Cybersecurity researchers have discovered a sophisticated evolution of the ClickFix attack technique that leverages browser cache smuggling to covertly place malicious files on target…
-
PoC Released for Linux Kernel ksmbd Filesystem Vulnerability
Security researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike…
-
GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should…
-
Polymorphic Python Malware That Mutates Every Time It Runs
A newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on…
-
ASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled Data
Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos…
-
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms…
-
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus…
-
77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise Policies
In an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based…
-
Hackers Exploit CSS Properties to Conceal Malicious Code in Hidden Text Salting Attacks
In a sophisticated evolution of email-based attacks, adversaries have begun leveraging Cascading Style Sheets (CSS) to inject hidden “salt” — irrelevant content used to…
-
CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
A novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary…
-
Hackers Exploit Legitimate Commands to Breach Databases
In recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than deploying custom ransomware binaries,…
-
OpenSSH ProxyCommand Flaw Allows Remote Code Execution – PoC Released
Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as…
-
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this…
-
Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
The hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims…
-
Technical Details and Exploit Released for Chrome Remote Code Execution Flaw
A remote code execution vulnerability affecting Google Chrome’s WebAssembly engine has been publicly disclosed, along with a fully functional exploit. The flaw, discovered and reported…
-
Yurei Ransomware leverages SMB shares and removable drives to Encrypt Files
Targeting Windows systems, Yurei employs advanced file encryption and stealth techniques to maximize impact and minimize detection. Encrypted files are appended with the extension…
-
Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code
Cybercriminals have ramped up attacks on WordPress websites by stealthily modifying theme files to serve unauthorized third-party scripts. This campaign leverages subtle PHP injections…
-
Ransomware Gangs Exploit Remote Access Tools to Stay Hidden and Maintain Control
Modern ransomware operations have evolved far beyond simple opportunistic attacks into sophisticated, multi-stage campaigns that exploit legitimate Remote Access Tools (RATs) to maintain stealth…
-
Redis Server Use-After-Free Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution through a use-after-free flaw…
-
New Android Spyware Targeting Users by Imitating Signal and ToTok Apps
ESET researchers have uncovered two sophisticated Android spyware campaigns that target users seeking secure communication platforms by impersonating popular messaging apps Signal and ToTok….
-
Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT
In a recent wave of targeted phishing campaigns, the Cavalry Werewolf cluster has escalated its operations by impersonating government officials and deploying both FoalShell…
-
DrayOS Router Flaw Allows Remote Code Execution by Attackers
A critical vulnerability affecting DrayOS routers could let unauthenticated attackers execute code remotely. Discovered on July 22 by Pierre-Yves Maes of ChapsVision, the flaw stems…
-
New XWorm V6 Variant Embeds Malicious Code into Trusted Windows Applications
In the constantly evolving world of cyber threats, staying informed is not just an advantage; it’s a necessity. First observed in 2022, XWorm quickly…
-
GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xssis advertising a novel…
-
SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials
The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical…
-
Hackers Exploit Grafana Vulnerability Allowing Arbitrary File Reads
Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse…
-
WhatsApp Exploited to Spread SORVEPOTEL Malware on Windows Systems
An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft…