In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a colleague unearthed a major security vulnerability in Subaru’s STARLINK connected vehicle service. The flaw allowed unauthorized, unrestricted access to vehicles and customer accounts across the United…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights
A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a grave vulnerability, potentially allowing attackers to control air conditioning, lighting, and other room functions remotely. The investigation, highlighted by security researchers at LAC Co., Ltd., reveals…
Android Kisok Tablets Vulnerability Let Attackers Control AC & Lights
A startling security flaw found in Android-based kiosk tablets at luxury hotels has exposed a grave vulnerability, potentially allowing attackers to control air conditioning, lighting, and other room functions remotely. The investigation, highlighted by security researchers at LAC Co., Ltd.,…
CISA Releases Six ICS Advisories Details Security Issues
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS) advisories addressing vulnerabilities in a range of critical systems. These advisories aim to inform organizations about risks that could lead to unauthorized access, system compromise, or…
PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations
The New York State Department of Financial Services (NYDFS) has imposed a $2 million penalty on PayPal, Inc. for breaches of the state’s stringent cybersecurity regulations. The fine marks a significant move in ensuring accountability for financial institutions handling sensitive…
KEYPLUG Infrastructure Exposed: Server Configurations and TLS Certificates Revealed
In a recent technical investigation, researchers uncovered critical insights into the infrastructure linked to a suspected Chinese state-backed cyber actor referred to as “RedGolf.” The group, also known as APT41, BARIUM, or Earth Baku, gained attention following a report by…
Beware of Fake Captcha Verifications Spreading Lumma Malware
In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA pages to deliver the Lumma Stealer malware. Lumma, a malware-as-a-service (MaaS) tool that has been active since at least 2022, is designed to steal sensitive information…
Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor
A sophisticated cyber campaign dubbed “J-magic” has been discovered targeting enterprise-grade Juniper routers with a backdoor attack that leverages a passive monitoring agent. The operation, first detected in September 2023, employs a variant of the cd00r backdoor that continuously scans…
Salt Typhoon Hacked Nine U.S. Telecoms, Tactics and Techniques Revealed
Salt Typhoon, a state-sponsored Advanced Persistent Threat (APT) group linked to the People’s Republic of China (PRC), has executed one of the most sophisticated cyber-espionage campaigns in recent history. The group targeted at least nine U.S.-based telecommunications companies throughout 2024,…
HellCat and Morpheus Ransomware Share Identical Payloads for Attacks
The cybersecurity landscape witnessed a surge in ransomware activity during the latter half of 2024 and into early 2025, with the emergence of operations like HellCat and Morpheus. Alongside their rise, notable groups such as FunkSec, Nitrogen, and Termite gained…