YubiKey Manager GUI on Windows before version 1.2.6 has a vulnerability that could allow an attacker to escalate privileges. Due to a limitation in Windows, it requires administrator privileges to interact with FIDO authenticators. An attacker can exploit this by…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords
Cybersecurity experts have identified a new threat lurking in the shadows of the dark web, a Remote Access Trojan (RAT) known as Oxycorat. This malicious software is specifically designed to infiltrate Android devices. Cybercriminals looking for a comprehensive toolkit to…
Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware
Hackers have been found hijacking Facebook pages to impersonate popular AI brands, thereby injecting malware into the devices of unsuspecting users. This revelation comes from a detailed investigation by Bitdefender Labs, which has been closely monitoring these malicious campaigns since…
Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code
A new critical vulnerability has been discovered in Progress Flowmon, assigned with CVE-2024-2389. Progress Flowmon is a Cloud Application Performance monitoring solution that can help analyze network and application traffic. Moreover, it can also be used for several purposes, such…
Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code
Four new vulnerabilities have been discovered in the Ivanti Connect Secure and Policy Secure Gateways. These vulnerabilities were associated with Heap overflow, null pointer dereference, and XML entity Expansion. These vulnerabilities have been assigned with CVEs CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, and…
Winnti Hackers’ New UNAPIMON Tool Hijacks DLL And Unhook API Calls
Hackers commonly employ dynamic-link library (DLL) hijacking and unhooking of APIs to damage security measures and authorize harmful activities on breached systems. In this regard, DLL hijacking permits them to load malicious code by utilizing flaws in the way applications…
Bing Ads Exploited by Hackers to Spread SecTopRAT Through NordVPN Mimic
Hackers have been exploiting Microsoft Bing’s advertising platform to launch a malvertising campaign that impersonates the reputable VPN service NordVPN. This sophisticated scheme aims to trick users into downloading a Remote Access Trojan (RAT) known as SecTopRAT, which poses security…
AI Package Hallucination – Hackers Abusing ChatGPT, Gemini to Spread Malware
The research investigates the persistence and scale of AI package hallucination, a technique where LLMs recommend non-existent malicious packages. The Langchain framework has allowed for the expansion of previous findings by testing a more comprehensive range of questions, programming languages…
Feds Patching Years-Old SS7 Vulnerability in Phone Networks
The FCC’s Public Safety and Homeland Security Bureau is seeking input on how communication service providers are securing SS7 and Diameter protocols to prevent location-tracking vulnerabilities. The protocols are crucial for call routing, network interconnection, and data exchange in mobile…
AT&T To Face Lawsuit Following Breach Impacting 73 Million Customers
AT&T, a leading American telecommunications company, is facing a wave of lawsuits following a data breach that exposed the sensitive information of 73 million customers. The breach, confirmed by AT&T on March 30, 2024, included full name, email address, mailing…