Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.” Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections—an alarming escalation in the ongoing…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
159 CVEs Exploited in the Wild in Q1 2025, 8.3% Targeted Within 1-Day Vulnerabilities Exploited
VulnCheck’s latest report for Q1 2025 has identified 159 Common Vulnerabilities and Exposures (CVEs) publicly disclosed as exploited in the wild for the first time. Alarmingly, 28.3% of these Known Exploited Vulnerabilities (KEVs) saw evidence of exploitation within just one…
New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision
The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks, driven by generative AI (GenAI). By examining over 2 billion blocked phishing transactions on the Zscaler Zero Trust Exchange™ cloud security platform from January to December…
FBI Offers $10 Million Reward for information on Salt Typhoon Hackers
The Federal Bureau of Investigation (FBI), in partnership with the U.S. Department of State, has announced a reward of up to $10 million for information leading to the identification or location of individuals connected to the recent “Salt Typhoon” cyberattacks.…
Hackers Claim TikTok Breach, Leak Over 900,000 Usernames and Passwords
A hacker collective known as R00TK1T claims to have breached TikTok’s user database, allegedly leaking login information for over 900,000 users. The group, which has previously made waves in the hacking community with bold claims—often with little substantiated evidence—has taken…
Spring Security Vulnerability Exposes Valid Usernames to Attackers
A newly identified security vulnerability, CVE-2025-22234, has exposed a critical weakness in the widely-used Spring Security framework. According to the HeroDevs report, affecting several versions of the spring-security-crypto package, this flaw makes it possible for attackers to discern valid usernames…
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal…
Microsoft’s Patch for Symlink Vulnerability Introduces New Windows Denial-of-Service Flaw
Microsoft’s recent attempt to resolve a critical privilege escalation vulnerability has inadvertently introduced a new denial-of-service (DoS) flaw in Windows systems, leaving organizations vulnerable to update failures and potential security risks. In early April 2025, Microsoft addressed CVE-2025-21204, a security flaw…
SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment
Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of SAP NetWeaver, the widely deployed enterprise integration platform. Attackers have leveraged an unreported 0-day vulnerability to deploy web shells, which give them remote command execution capabilities…
U.S. Secret Service Reveals Ways to Identify Credit Card Skimmers
With credit card skimming crimes escalating nationwide, the U.S. Secret Service’s Washington Field Office is sharing essential tips for the public to protect themselves from this growing threat, shared by Officials in LinkedIn post. According to the agency, credit card…