The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco’s Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabilities to its Known…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
Security researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform…
UNC3886 Exploits Multiple 0-Day Bugs in VMware vCenter, ESXi, and Fortinet FortiOS
The advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet FortiOS systems. This revelation comes as Singapore’s Coordinating Minister for National…
Aeroflot Hit by Year‑Long Cyber Operation That Allegedly Wiped 7,000 Servers
Russia’s flagship carrier Aeroflot is reeling from a devastating cyberattack that pro-Ukraine hacking groups claim wiped approximately 7,000 servers and stole over 20 terabytes of sensitive data during a year-long clandestine operation. The airline was forced to cancel dozens of…
ArmouryLoader Bypasses Security Protections to Inject Malicious Code
ArmouryLoader and other malicious code loaders have become essential tools for introducing Trojan-type payloads into hacked systems in the ever-changing world of cyberattacks. First identified in 2024, ArmouryLoader exploits the ASUS Armoury Crate software by hijacking its export functions, such…
ToolShell: Uncovering Five Critical Vulnerabilities in Microsoft SharePoint
Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed “ToolShell,” actively targeting on-premise Microsoft SharePoint servers worldwide. The campaign, which began widespread exploitation leverages an unauthenticated remote code execution (RCE) chain involving CVE-2025-49704 and CVE-2025-49706, enabling attackers to…
Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning
Threat actors have been using trojanized versions of well-known IT tools like PuTTY and WinSCP to spread the Oyster backdoor, also known as Broomstick or CleanupLoader, in a sophisticated malvertising and SEO poisoning campaign that Arctic Wolf researchers first noticed…
Chinese Hackers Exploit Software Vulnerabilities to Breach Targeted Systems
China’s Cyberspace Administration, Ministry of Public Security, and Ministry of Industry and Information Technology introduced the Regulations on the Management of Network Product Security Vulnerabilities (RMSV) in July 2021, mandating that software vulnerabilities exploitable flaws in code be reported to…
UNC3886 Hackers Target Singapore’s Critical Infrastructure by Exploiting 0-Day Vulnerabilities
Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group renowned for leveraging zero-day exploits and custom malware. First identified by Mandiant in…
Raven Stealer Malware Exploits Telegram to Steal Logins, Payment Data, and Autofill Info
Raven Stealer has emerged as sophisticated, lightweight information-stealing malware crafted in Delphi and C++, targeting Windows systems with a focus on extracting sensitive data like logins, payment details, and autofill information from Chromium-based browsers such as Chrome and Edge. First…