Supervisory Control and Data Acquisition (SCADA) systems play a pivotal role in managing critical infrastructure across sectors like energy, manufacturing, and more. However, this digital transformation also brings with it a heightened vulnerability to cyber threats. Recent research by our…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Attackers Hide Malicious Word Files Inside PDFs to Evade Detection
A newly identified cybersecurity threat involves attackers embedding malicious Word files within PDFs to deceive detection systems. This technique, confirmed by JPCERT/CC, exploits the fact that files created using MalDoc in PDF can be opened in Microsoft Word, even though…
Sante PACS Server Flaws Allow Remote Attackers to Download Arbitrary Files
Recently, several critical vulnerabilities were discovered in Sante PACS Server version 4.1.0, leaving it susceptible to severe security breaches. These vulnerabilities, identified by CVE-2025-2263, CVE-2025-2264, CVE-2025-2265, and CVE-2025-2284, expose the server to potential attacks that can lead to unauthorized access, data breaches, and denial-of-service…
Cloudflare Introduces Cloudforce One to Detect and Analyze IoCs, IPs, and Domains
Cloudflare, a leading web infrastructure and security company, has launched the Cloudforce One threat events platform, designed to revolutionize how security professionals detect and analyze indicators of compromise (IOCs), including IP addresses, domains, and other critical metadata. The proliferation of…
US Sperm Donor Giant California Cryobank Hit by Data Breach
California Cryobank, a leading sperm donation facility based in Los Angeles, has been impacted by a significant data breach, potentially affecting both its clients and donors. The breach was reported, involving personal identifiers which could include names in combination with…
Hackers Exploit Azure App Proxy Pre-Authentication to Access Private Networks
Hackers are exploiting a vulnerability in Microsoft’s Azure App Proxy by manipulating the pre-authentication settings to gain unauthorized access to private networks. The Azure App Proxy is designed to securely publish on-premises applications to the public internet without requiring firewall…
New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware
A threat intelligence researcher from Cato CTRL, part of Cato Networks, has successfully exploited a vulnerability in three leading generative AI (GenAI) models: OpenAI’s ChatGPT, Microsoft’s Copilot, and DeepSeek. The researcher developed a novel Large Language Model (LLM) jailbreak technique,…
Hackers Exploit Cobalt Strike, SQLMap, and Other Tools to Target Web Applications
A recent cybersecurity incident has highlighted the sophisticated methods used by hackers to target web applications, particularly in South Korea. The attackers leveraged a combination of tools, including Cobalt Strike, SQLMap, dirsearch, and Web-SurvivalScan, to exploit vulnerabilities and gain unauthorized…
Severe AMI BMC Vulnerability Enables Remote Authentication Bypass by Attackers
A critical vulnerability has been discovered in AMI’s MegaRAC software, which is used in Baseboard Management Controllers (BMCs) across various server hardware. This vulnerability, identified as CVE-2024-54085, allows attackers to bypass authentication remotely, posing a significant risk to cloud infrastructure…
11 State-Sponsored Threat Actors Exploit 8-Year-Old Windows Shortcut Flaw
Cybersecurity researchers have discovered that multiple state-sponsored threat actors have been exploiting an eight-year-old vulnerability in Windows shortcut files. This security flaw, identified as ZDI-CAN-25373, allows malicious actors to embed hidden commands within .lnk files, which can execute when opened,…