A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active exploit, security researchers from Arctic Wolf have warned. The flaw, tracked as CVE-2024-7399, allows unauthenticated attackers to remotely execute code and compromise digital signage infrastructure in organizations…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actor Evades SentinelOne EDR to Deploy Babuk Ransomware
Aon’s Stroz Friedberg Incident Response Services has uncovered a method used by a threat actor to bypass SentinelOne Endpoint Detection and Response (EDR) protections, ultimately deploying a variant of the notorious Babuk ransomware. SentinelOne EDR, a widely-used endpoint protection solution,…
New ClickFix Attack Imitates Ministry of Defence Website to Target Windows & Linux Systems
A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India’s Ministry of Defence to distribute cross-platform malware targeting both Windows and Linux systems. Uncovered by threat intelligence researchers at Hunt.io, this operation employs a ClickFix-style infection chain,…
Firefox’s Future Uncertain Without Google Search Deal, Insider Warns
Mozilla’s Chief Financial Officer testified that Firefox could face extinction if Justice Department proposals targeting Google’s search dominance are fully implemented, revealing the browser’s precarious financial position amid ongoing antitrust proceedings. Mozilla Corporation CFO Eric Muhlheim delivered stark testimony Friday,…
xAI API Key Leak Exposes Proprietary Language Models on GitHub
Employee at Elon Musk’s artificial intelligence firm xAI inadvertently exposed a private API key on GitHub for over two months, granting unauthorized access to proprietary large language models (LLMs) fine-tuned on internal data from SpaceX, Tesla, and Twitter/X. Security researchers…
TikTok Hit with €530 Million Fine Over Data Transfers to China
Irish Data Protection Commission (DPC) has imposed a landmark €530 million fine on TikTok Technology Limited for illegally transferring European Economic Area (EEA) user data to China and failing to meet transparency obligations under the General Data Protection Regulation (GDPR).…
Researcher Exploits Regex Filter Flaw to Gain Remote Code Execution
Target application included a username field restricted by a frontend regex filter (/^[a-zA-Z0-9]{1,20}$/), designed to accept only alphanumeric characters. While this initially appeared robust, the researcher discovered that the backend failed to revalidate inputs after the regex check. This oversight…
Google Gemini Introduces Built-In Image Editing in App
Google has integrated advanced AI-powered image editing tools directly into its Gemini app, enabling users to manipulate both AI-generated and uploaded images through text prompts. The update, which began rolling out globally on May 5, 2025, introduces multi-step editing workflows,…
New GPOHound Tool Analyzes Active Directory GPOs for Escalation Risks
Security researchers have released GPOHound, a powerful open-source tool designed to analyze Group Policy Objects (GPOs) in Active Directory environments for misconfigurations and privilege escalation risks. Developed by cybersecurity firm Cogiceo, the tool automates the detection of insecure settings like exposed…
Signal App Used by Trump Associate Targeted in Security Breach
A major security scare has erupted in Washington after reports emerged that a Trump associate was using an unofficial version of the secure messaging platform Signal-an application that was subsequently targeted in a data breach, according to a Sunday report…