Hexagon ETQ’s Java-based quality management system, ETQ Reliance, has several serious flaws, according to a new security research revelation by Assetnote. The software, which facilitates document and form management with integrations like Microsoft Word macros and Jython scripting, has been…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actors Target Linux SSH Servers to Deploy SVF Botnet
AhnLab Security Intelligence Center (ASEC) has been actively tracking cyber threats exploiting vulnerable Linux servers through strategically deployed honeypots, with SSH services using weak credentials emerging as a prime target for distributed denial-of-service (DDoS) and cryptocurrency mining actors. In a…
ClickFake Interview Attack Leverages ClickFix Technique to Deploy GolangGhost Malware
Cybersecurity researchers have provided insight into a persistent threat cluster linked to the well-known North Korean state-sponsored hacker outfit Lazarus, according to a comprehensive analysis published in March by Sekoia’s Threat Detection and Response (TDR) team. Dubbed “ClickFake Interview,” this…
New Web3 Phishing Scam Uses Fake AI Platforms to Steal Credentials
The threat actor group LARVA-208, notorious for phishing attacks and social engineering against English-speaking IT staff, has pivoted to targeting Web3 developers. Employing spearphishing links (T1566.002), the group lures victims with fabricated job offers or portfolio review requests, directing them…
UK Bans Public Sector from Paying Ransomware Gangs
The UK government has announced a comprehensive ban preventing public sector organizations from paying ransom demands to cybercriminals, marking a significant escalation in the fight against ransomware attacks that cost the British economy millions of pounds annually. The new measures…
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked…
New Scanner Launched to Detect CVE-2025-53770 in SharePoint Servers
A cybersecurity researcher has released a new open-source scanner designed to detect a critical vulnerability affecting Microsoft SharePoint servers, providing organizations with a crucial tool to assess their security posture against the recently disclosed CVE-2025-53770 flaw. Rapid Response to Critical…
New DCHSpy Android Malware Targets WhatsApp, Call Logs, Audio, and Photos
Security researchers at Lookout have identified four novel samples of DCHSpy, an advanced Android surveillanceware attributed to the Iranian threat actor group MuddyWater, believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). These samples emerged approximately one…
Apache Jena Vulnerability Allows Arbitrary File Access
Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security. Two distinct CVEs were published on July 21, 2025, affecting all versions of Apache Jena…
Hackers Selling macOS 0-Day LPE Exploit on Dark Forums
A threat actor claiming to possess a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system has emerged on underground cybercriminal forums, offering the vulnerability for sale at a substantial price point. The alleged exploit, if genuine, represents…