Yesterday — 5 December 2025

Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations

5 December 2025 at 08:18

Cybercriminals continue to exploit USB drives as infection vectors, with recent campaigns delivering sophisticated CoinMiner malware that establishes persistent cryptocurrency-mining operations on compromised workstations. Security researchers have documented an evolving threat that leverages social engineering and evasion techniques to avoid detection while mining Monero cryptocurrency on infected systems. In February 2025, AhnLab Security Intelligence Center […]

The post Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows

5 December 2025 at 07:39

The MuddyWater threat group has escalated its cyber espionage operations by deploying UDPGangster, a sophisticated UDP-based backdoor designed to infiltrate Windows systems while systematically evading traditional network defenses. Recent intelligence gathered by FortiGuard Labs reveals coordinated campaigns targeting high-value victims across Turkey, Israel, and Azerbaijan, employing social engineering tactics paired with advanced anti-analysis techniques that […]


Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access

5 December 2025 at 07:06

The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to […]


Russian Hackers Imitate European Events in Coordinated Phishing Campaigns

5 December 2025 at 06:22

Russian state-linked hackers are impersonating high-profile European security conferences to compromise cloud email and collaboration accounts at governments, think tanks, and policy organizations, according to new research from cybersecurity firm Volexity. The campaigns, active through late 2025, abuse legitimate Microsoft and Google authentication workflows and rely on painstaking social engineering to trick victims into effectively […]


Russian Calisto Hackers Target NATO Research with ClickFix Malware

5 December 2025 at 05:58

Russian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its spear-phishing campaigns throughout 2025, leveraging the ClickFix malicious code technique to target high-value entities across […]


Hackers Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells

5 December 2025 at 05:19

A critical command injection vulnerability in Array Networks’ ArrayOS AG systems has become the focus of active exploitation campaigns, with Japanese organizations experiencing confirmed attacks since August 2025. According to alerts from JPCERT/CC, threat actors are leveraging the vulnerability to install webshells and establish persistent network access, marking a significant escalation in targeting enterprise VPN infrastructure. The […]


China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants

5 December 2025 at 03:53

Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells […]


China-Nexus Hackers Exploiting React2Shell Vulnerability in Active Attacks

5 December 2025 at 02:50

Within hours of the public disclosure of CVE-2025-55182 on December 3, 2025, Amazon threat intelligence teams detected active exploitation attempts from multiple China-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components carries a maximum CVSS score of 10.0 and poses an immediate threat to organizations running vulnerable versions […]


New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer

5 December 2025 at 00:01

Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the […]


Before yesterday

Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data

4 December 2025 at 08:54

A sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants threat actors complete system control and data exfiltration capabilities. Security researchers have identified a significant uptick in this campaign, which combines social engineering, obfuscation techniques, and dynamic-link library (DLL) sideloading […]


New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT

4 December 2025 at 08:36

In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the country with a multi-stage malware chain. The attack combined authentic-looking government communications with advanced evasion techniques, delivering both a shellcode-based RAT loader and a malicious executable disguised as a GoTo […]


Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit

4 December 2025 at 08:07

While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation (BST150-4T) exploit chain, achieving unauthenticated root Remote Code Execution (RCE) by abusing the system task scheduler instead of more traditional PHP-based payloads. The work builds on a BeeStation chain […]


New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware

4 December 2025 at 07:49

Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator” surveillance tool, has adapted to evade international sanctions and restrictions, establishing itself as one of the most prolific exploiters of zero-day vulnerabilities targeting mobile devices. Recent analysis from Google’s Threat […]


Evilginx Attack Campaigns: Session Cookie Theft and MFA Bypass Tactics

4 December 2025 at 07:20

Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session cookies and circumvent multi-factor authentication (MFA) protections. The threat is particularly acute within educational institutions, where attackers are demonstrating alarming success rates. Evilginx operates with surgical precision by positioning itself […]


PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models

4 December 2025 at 06:57

JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental […]


Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

4 December 2025 at 05:27

A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets browser secrets, Discord tokens, VPNs, social accounts, and crypto wallets, then exfiltrates everything to its […]


Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment

4 December 2025 at 04:14

Threat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement. […]


WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution

4 December 2025 at 03:19

A severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of public disclosure. WordPress site administrators must immediately update to version 8.4 or later to prevent complete site compromise. On June 10th, 2025, a remote code execution vulnerability was discovered in […]


CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits

4 December 2025 at 02:12

The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most […]


Malicious VSCode Extension Deploys Anivia Loader and OctoRAT

4 December 2025 at 00:20

In late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem came to light, demonstrating how threat actors are increasingly targeting developer tools to gain persistent access to high-value systems. On November 21, a malicious extension masquerading as the popular Prettier code formatter appeared briefly on the official VSCode Marketplace before […]

