In a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware, has been linked to widespread attacks targeting Windows, Linux, FreeBSD, SunOS, and ESXi systems. Emerging in October 2023, the group has gained notoriety for its…
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
In a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware…
New Phishing Campaign Targets Investors to Steal Login Credentials
Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券), a prominent online securities company in Japan formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company provides individual investors with a range…
SonicWall Firewall Vulnerability Enables Unauthorized Access
Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall firewalls. This critical flaw allows remote attackers to hijack active SSL VPN sessions, enabling unauthorized network access without requiring user credentials. If left unpatched, the vulnerability…
DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords
A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies and local offices of international organizations across various industries. The attackers are spoofing a legitimate Spanish company specializing in mountain and skiing equipment to deliver malicious…
New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls
Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting Android devices. This variant has been found pre-installed in the firmware of counterfeit smartphones mimicking popular models, often sold at discounted prices through unauthorized online…
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS
Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware…
Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials
A newly discovered attack campaign has exposed vulnerabilities in Apache Tomcat servers, allowing hackers to hijack resources and steal SSH credentials. Researchers from Aqua Nautilus revealed that these attacks, which weaponized botnets within 30 hours of discovery, employ encrypted payloads…
New Web Skimming Attack Exploits Legacy Stripe API to Validate Stolen Card Data
A sophisticated web-skimming campaign has been discovered, leveraging a deprecated Stripe API to validate stolen credit card data before exfiltration. This novel strategy ensures that only valid and usable card details are exfiltrated, making the operation highly efficient and harder…