Aggregator
Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique
The Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed an exponential evolution in the delivery mechanisms for the campaign’s main payloads: BeaverTail, InvisibleFerret, and OtterCookie. In this article, we will discuss the innovations related to the delivery techniques used by the group and demonstrate the preservation of […]
The post Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Cats Can Confuse AI
Dropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025
Dropbox has announced the discontinuation of its Passwords service, giving users until October 28, 2025, to export their stored credentials before the feature is permanently shut down. The cloud storage company is phasing out the password management tool as part of its strategic focus on enhancing core product features, recommending users migrate to alternative password […]
The post Dropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Lynx
The Price of Poor Cybersecurity in 2024: US$3.1 Billion
Eviction Strategies Tool Released
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes:
- Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations.
- COUN7ER: A database of atomic post-compromise countermeasures users can execute based on adversary tactics, techniques, and procedures.
Together, Playbook-NG and COUN7ER create a systematic, tailored eviction plan that leverages distinct countermeasures to effectively contain and evict adversarial intrusions.
The Eviction Strategies Tool directly addresses a critical gap: the need for a clear understanding of the necessary actions to properly contain and evict adversaries from networks and devices.
CISA encourages cyber defenders to use the Eviction Strategies Tool available on the CISA Eviction Strategies Tool webpage or download it directly from GitHub at https://github.com/cisagov/playbook-ng. Check out our fact sheet for more information: Eviction Strategies Tool | CISA.
Please share your thoughts through our anonymous survey. We appreciate your feedback.
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development
ISEC Circle News
[Handbook] NOP Team's Linux Incident Response Handbook
WordPress Theme Security Vulnerability Enables to Execute Arbitrary Code Remotely
A critical security vulnerability has been discovered in the popular “Alone” WordPress theme that allows unauthenticated attackers to execute arbitrary code remotely and potentially take complete control of affected websites. The vulnerability, tracked as CVE-2025-5394, affects the charity and non-profit theme which has been sold over 9,000 times on ThemeForest. Vulnerability Details and Timeline The […]
The post WordPress Theme Security Vulnerability Enables to Execute Arbitrary Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Bugs Patched, Protection Strengthened, and 5 Volts Restored: The Legendary RP2350 in a New Body
Google Chrome security advisory (AV25-465)
Google Project Zero to publicly announce bugs within a week of reporting them
Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered
The cybersecurity landscape has witnessed a significant surge in information-stealing malware, with Lumma emerging as one of the most prevalent and sophisticated threats targeting Windows systems globally. This C++-based information stealer has rapidly gained traction in underground markets, establishing itself as a formidable malware-as-a-service (MaaS) operation that has infected hundreds of thousands of computers worldwide. […]
The post Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered appeared first on Cyber Security News.
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
BeyondTrust Privilege Management for Windows Vulnerability Let Attackers Escalate Privileges
A significant security vulnerability has been discovered in BeyondTrust’s Privilege Management for Windows solution, allowing local authenticated attackers to escalate their privileges to the administrator level. The flaw, designated as CVE-2025-2297 with a CVSSv4 score of 7.2, affects all versions before 25.4.270.0 and has been classified as high severity. The vulnerability stems from improper handling […]
The post BeyondTrust Privilege Management for Windows Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
BeyondTrust Privilege Management Flaw Lets Hackers Escalate System Access
BeyondTrust has disclosed a critical privilege escalation vulnerability in its Privilege Management for Windows solution that could allow local authenticated attackers to gain administrator-level access to compromised systems. The security flaw, tracked as CVE-2025-2297, affects versions before 25.4.270.0 and carries a CVSSv4 score of 7.2, classified as high severity. Vulnerability Details and Impact The vulnerability stems […]
The post BeyondTrust Privilege Management Flaw Lets Hackers Escalate System Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.