GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On December 25th, 2024, a malicious version of Cyberhaven’s browser extension was published on the Chrome Store that […]

The post SquareX Researchers Uncover OAuth Vulnerability in Chrome Extensions Days Before Major Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee. The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implications for both individual users and organizations globally. GBHackers recently reported a severe security vulnerability […]

The post New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server. The flaw tracked as CVE-2024-21182, poses a significant risk to organizations using the server, as it allows an unauthenticated attacker with network access to compromise the targeted system. The vulnerability impacts Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, […]

The post PoC Exploited Released for Oracle Weblogic Server Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has issued a warning about a significant issue impacting devices running Windows 11, version 24H2, that could block essential Windows Security updates. The problem arises when users install this version of the operating system using media—such as CDs or USB drives—containing either the October 2024 or November 2024 security updates. If affected, devices may […]

The post Microsoft Warns of Windows 11 24H2 Issue that Blocks Windows Security Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant post-authentication vulnerability affecting Four-Faith industrial routers has been actively exploited in the wild. Assigned as CVE-2024-12856, this flaw allows attackers to execute unauthenticated remote command injections by leveraging the routers’ default credentials. Details of the Exploitation The vulnerability impacts at least two Four-Faith router models—F3x24 and F3x36. It involves leveraging the /apply.cgi endpoint over HTTP by […]

The post Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised EXE installer, as analysis revealed a parent-child relationship between these samples, all of which communicated with the same C2 server. The Lumma Stealer Trojan, observed in the provided sample, employs advanced techniques to exfiltrate sensitive data from popular browsers and […]

The post Lumma Stealer Attacking Users To Steal Login Credentials From Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical nation-sponsored attacks.  While primarily associated with BeaverTail and InvisibleFerret malware, SOCs have recently observed OtterCookie deployed within this campaign.  OtterCookie exhibits distinct behavior from its predecessors, demonstrating the campaign’s evolution and expanding threat landscape, which […]

The post New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its extensive capabilities and ease of use. The availability of its latest version on an open-source […]

The post NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets, causing denial-of-service (DoS) conditions. The issue has been actively exploited, prompting urgent mitigation measures. Details of the Vulnerability The vulnerability stems from improper handling of […]

The post Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat Analysts have reported alarming findings about the “Araneida Scanner,” a malicious tool allegedly based on a cracked version of Acunetix, a renowned web application vulnerability scanner. The tool has been linked to illegal activities, including offensive reconnaissance, scraping user data, and identifying vulnerabilities for exploitation. The “Araneida Scanner” is being sold on platforms like […]

The post Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves the systematic collection and exploitation of genuine identity documents and images.  Attackers utilize these resources to develop and sell techniques for bypassing identity verification systems, presenting a significant database and evolving threats to businesses and individuals alike.  Researchers have identified […]

The post A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users. This release underscores Adobe’s commitment to ensuring the security and integrity of its […]

The post Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, were recently detected by Fortinet’s AI-driven OSS malware detection system. These packages, spotted on November 16 and November 24, 2024, respectively, represent significant threats to users by leveraging advanced malware techniques. These findings underscore the critical importance of robust cybersecurity measures to protect against such sophisticated threats. Malicious […]

The post Beware of New Malicious PyPI packages That Steals Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A Brazilian man, Junior Barros De Oliveira, has been charged with multiple counts of cybercrime and extortion for hacking into the computer systems of a Brazilian subsidiary of a New Jersey-based company and attempting to extort millions in Bitcoin. The indictment, unsealed in Newark federal court on December 23, 2024, accuses De Oliveira of accessing […]

The post Brazilian Hacker Arrested Hacking Computers & Selling Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

McDonald’s India (West & South) / Hardcastle Restaurants Pvt. Ltd. operates a custom McDelivery web app for ordering McDonald’s food for delivery, dine-in, and takeout.  The app is popular, with over 10 million downloads on Google Play and #16 in Food & Drink on the Apple App Store and offers various options to choose from […]

The post McDonald’s Delivery App Bug Let Customers Orders For Just $0.01 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches reported, which marks the fifth year exceeding $1 billion in stolen funds, demonstrating a concerning correlation between crypto market growth and the scale of cyberattacks.  Crypto hacking activity experienced a significant surge in the first half of 2024, reaching $1.58 billion […]

The post North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian government’s Regional Financial Management Information System (Sistem Informasi Pengelolaan Keuangan Daerah, or SIPKD). This system is operated by the Badan Pendapatan, Pengelolaan Keuangan, dan Aset Daerah (BPPKAD), which translates to the Regional Revenue, Finance, and Asset Management Agency of Blora […]

The post Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system that could potentially lead to denial-of-service (DoS) attacks. The affected kernel extensions—perfstat and TCP/IPmpresent risks to systems running on AIX 7.2, AIX 7.3, VIOS 3.1, and VIOS 4.1. The vulnerabilities are tracked under CVE-2024-47102 and CVE-2024-52906, each with a Common […]

The post IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. The flaw, identified as CVE-2024-43441, could potentially allow authentication bypass due to an issue with assumed-immutable data in JWT tokens. The vulnerability impacts versions 1.0 to 1.3 of Apache HugeGraph-Server, prior to the release of version 1.5.0. Users running […]

The post Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage targeting Chinese technology companies and research institutions. These attacks, suspected to be orchestrated by U.S. intelligence agencies, aimed to steal sensitive commercial secrets and intellectual property, raising alarm over the growing sophistication of cyber threats. Targeting Advanced Material Design Companies […]

The post USA Launched Cyber Attack on Chinese Technology Firms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.