Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Mallox Ransomware Vulnerability Lets Victims Decrypt Files
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…
Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access
A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…
Tor Browser 14.0 Released With New Android Circuit Options
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…
Beware Of Callback Phishing Attacks Google Groups That Steal Login Details
Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…
New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button
Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours. These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…
GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections
Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script. The…
Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC
Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system. These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…
IcePeony Hackers Exploiting Public Web Servers To Inject Webshells
IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…
Russia-Linked Hackers Attacking Governmental And Political Organizations
Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities. An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…