In an age where digital footprints can be traced with just a few clicks, surveillance technology has become a double-edged sword. While it can enhance security and improve services, it also poses significant privacy concerns. One of the most formidable…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical BIOS/UEFI Vulnerabilities Allow Attackers To Overwrite System Firmware
Researchers discovered critical BIOS/UEFI vulnerabilities in the Illumina iSeq 100 DNA sequencer, where the device utilizes an outdated firmware implementation with CSM mode lacking essential security features like Secure Boot and firmware write protections. The vulnerability window allows attackers to…
PHP Servers Vulnerability Exploited To Inject PacketCrypt Cryptocurrency Miner
Researchers observed a URL attempts to exploit a server-side vulnerability by executing multiple commands through PHP’s system() function. It downloads a malicious executable from a remote server, executes it locally, and attempts to download the same executable using wget while…
Oracle WebLogic Vulneraiblity Actively Exploited in Cyber Attacks – CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of critical vulnerabilities in various software, particularly spotlighting an unspecified vulnerability in Oracle WebLogic Server. This announcement comes as part of CISA’s efforts to enhance…
Casio Hacked – Servers Compromised by a Ransomware Attack
Casio Computer Co., Ltd. has confirmed a significant cybersecurity breach after its servers were targeted in a sophisticated ransomware attack. The incident, which occurred on October 5, prompted an immediate forensic investigation involving external security specialists. Casio deeply regrets any…
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. By seamlessly integrating with Telegram, PhishWP facilitates…
Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages
Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript, Python, and Ruby packages. OAST tools, initially designed for ethical researchers to perform network interactions, can…
New FireScam Android Malware Abusing Firebase Services To Evade Detection
FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate Android devices. It is Android malware disguised as a fake…
EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells
The Kaspersky researchers investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs and government entities of novel components, including a service injector that injects the backdoor into running services. Post-installation, EAGERBEE deploys plugins with diverse functionalities as…
Hackers Mimic Social Security Administration To Deliver ConnectWise RAT
A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering emails with embedded links to a ConnectWise Remote Access Trojan (RAT) installer. These emails, disguised as updated benefits statements, employed various techniques, including mismatched links…