Dell Technologies has acknowledged a significant security incident involving its Customer Solution Centers platform, with the World Leaks extortion group successfully infiltrating the isolated demonstration environment used for showcasing products to commercial clients. The breach, which occurred earlier this month,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ExpressVPN Windows Client Flaw Could Expose User Information
ExpressVPN disclosed a vulnerability in its Windows desktop client that, under specific circumstances, could have permitted the leakage of user connection details. The flaw was discovered by security researcher Adam-X through ExpressVPN’s bug bounty program and pertains to Remote Desktop…
UNG0002 Deploys Weaponized LNK Files with Cobalt Strike and Metasploit to Target Organizations
Seqrite Labs APT-Team has uncovered a persistent threat entity, UNG0002 (Unknown Group 0002), orchestrating espionage-driven operations across Asian jurisdictions, including China, Hong Kong, and Pakistan. Active since at least May 2024, this South-East Asia-based cluster has demonstrated a high degree…
DeerStealer Malware Spread Through Weaponized .LNK and LOLBin Tools
A new wave of cyber-attacks has emerged, exploiting Windows shortcut files (.LNK) combined with legitimate system utilities collectively known as Living-off-the-Land Binaries and Scripts (LOLBin/S) to deliver the DeerStealer infostealer through highly obfuscated multi-stage chains. Recent campaigns begin with phishing…
Beware of npm Phishing Emails Targeting Developer Credentials
An developer recently came across a highly advanced phishing email that spoofs the support@npmjs.org address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly typosquatted to mimic…
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and…
APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment
Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in the African region, marking a notable escalation in the group’s activity on the continent, which had previously seen minimal incidents…
Cybercriminals Use Zoho WorkDrive Folders to Spread Obfuscated PureRAT Malware
A targeted attack against a U.S.-based certified public accounting firm was discovered in May 2025 by cybersecurity experts, according to a recent study described in eSentire’s Threat Response Unit (TRU) Positives report. The campaign leveraged a novel crypter named “Ghost…
Attackers Can Exploit Lighthouse Studio RCE Bug to Gain Server Access
Researchers at Assetnote have uncovered a critical remote code execution (RCE) vulnerability in Lighthouse Studio, a widely used survey software developed by Sawtooth Software. This flaw, affecting the Perl CGI scripts that power the web-based survey component, enables unauthenticated attackers…
KAWA4096 Ransomware Employs WMI Techniques to Delete Backup Snapshots
Trustwave SpiderLabs has played a crucial role in monitoring new ransomware variants in the incredibly unstable ransomware threat landscape of 2025, where dozens of new groups have emerged and caused extensive disruptions across multiple sectors. Among these, the KAWA4096 ransomware…