The SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling escalation in the cyber threat landscape. Unlike predominant ransomware-as-a-service (RaaS) models that rely on affiliates for dissemination and profit-sharing, SafePay…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Qilin Ransomware Sees Surge After Collapse of Dominant RansomHub RaaS
The ransomware landscape underwent significant disruption, marked by the abrupt cessation of operations from several prominent Ransomware-as-a-Service (RaaS) groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and LockBit. This wave of disappearances has fragmented the ecosystem, diminishing the…
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, techniques, and procedures (TTPs) to avoid detection and increase damage in the ever-changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes,…
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype…
Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” This campaign exploits four critical…
Chinese Threat Actors Hack 11,000 Android Devices to Deploy PlayPraetor Malware
Chinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling the device in real time. First investigated…
Hackers Exploit Microsoft 365’s Direct Send Feature for Internal Phishing Attacks
Threat actors are leveraging Microsoft 365’s Direct Send feature to launch sophisticated phishing campaigns that mimic internal organizational emails, eroding trust and heightening the success rate of social engineering exploits. This feature, designed for unauthenticated relaying of messages from devices…
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This…
Illumina Fined $9.8M for Cybersecurity Flaws in Genomic Tools Sold to U.S. Agencies
Illumina Inc., a leading genomic sequencing company, has agreed to pay $9.8 million to settle federal allegations that it knowingly sold cybersecurity-vulnerable genomic sequencing systems to government agencies while misrepresenting their security standards. The settlement resolves claims spanning over seven…
Microsoft Teams Adds Silent 60-Second Test Call Feature for IT Admins
Microsoft has announced a significant new feature for IT administrators that will enhance network monitoring capabilities within Microsoft Teams. Starting September 2025, administrators will gain access to silent, 60-second test call functionality designed to proactively monitor network performance and identify…