A significant security breach within the Qilin ransomware operation has provided unprecedented insight into the group’s affiliate network structure and operational methods. On July 31, 2025, internal conflicts between the ransomware group and one of its affiliates led to the…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access
Security researchers have discovered a sophisticated Linux backdoor dubbed “Plague” that has remained undetected by all major antivirus engines despite multiple samples being uploaded to VirusTotal over the past year. The malicious software operates as a Pluggable Authentication Module (PAM),…
Akira Ransomware Exploits 0-Day Vulnerability in SonicWall Firewall Devices
Cybersecurity firm Arctic Wolf has identified a significant increase in ransomware attacks targeting SonicWall firewall devices in late July 2025, with evidence pointing to the exploitation of a previously unknown zero-day vulnerability. The company’s investigation revealed multiple coordinated attacks using…
SafePay Ransomware Strikes 260+ Victims Across Multiple Countries
The SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling increase in the cyber threat scenario. Unlike predominant ransomware-as-a-service (RaaS) models that rely on affiliates for dissemination and profit-sharing, SafePay…
Qilin Ransomware Sees Surge After Collapse of Dominant RansomHub RaaS
The ransomware landscape underwent significant disruption, marked by the abrupt cessation of operations from several prominent Ransomware-as-a-Service (RaaS) groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and LockBit. This wave of disappearances has fragmented the ecosystem, diminishing the…
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes,…
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype…
Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” This campaign exploits four critical…
Chinese Threat Actors Hack 11,000 Android Devices to Deploy PlayPraetor Malware
Chinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling the device in real time. First investigated…
Hackers Exploit Microsoft 365’s Direct Send Feature for Internal Phishing Attacks
Threat actors are leveraging Microsoft 365’s Direct Send feature to launch sophisticated phishing campaigns that mimic internal organizational emails, eroding trust and heightening the success rate of social engineering exploits. This feature, designed for unauthenticated relaying of messages from devices…