A newly identified information-stealing malware dubbed PupkinStealer has emerged as a significant threat to Windows users, with its first sightings reported in April 2025. Written in C# using the .NET framework, this malicious software is engineered to pilfer sensitive data,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Repeated Firmware Key-Management Failures Undermine Intel Boot Guard and UEFI Secure Boot
The security of fundamental technologies like Intel Boot Guard and UEFI Secure Boot has been seriously questioned due to persistent cryptographic key management issues within the UEFI firmware ecosystem, which have been exposed in a number of concerning exposes. These…
Asus One-Click Flaw Exposes Users to Remote Code Execution Attacks
Critical security vulnerability in ASUS DriverHub software has been discovered that allowed attackers to execute arbitrary code with administrator privileges through a simple web visit. Security researcher identified and reported the vulnerability in April 2025, which has since been patched…
CISA Flags Hidden Functionality Flaw in TeleMessage TM SGNL on KEV List
Cybersecurity and Infrastructure Security Agency (CISA) has escalated its advisory for TeleMessage TM SGNL, adding a critical hidden functionality vulnerability (CVE-2025-47729) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw exposes cleartext copies of user messages within the platform’s archiving…
Cobalt Strike 4.11.1 Released With SSL Checkbox Fix
Cobalt Strike has announced the release of version 4.11.1, an out-of-band update addressing several critical issues discovered in the previous 4.11 release. The update primarily fixes a module stomping issue that could cause system crashes in specific circumstances, resolves problems…
Attackers Leverage Unpatched Output Messenger 0‑Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Identified as CVE-2025-27920, this directory traversal…
Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals
The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to secure remote IT jobs at American companies and nonprofits using stolen identities. This operation, which has funneled at least $88 million USD to the North Korean…
Apple Releases Security Patches to Fix Critical Data Exposure Flaws
Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing over 40 vulnerabilities across system components ranging from kernel-level memory corruption risks to app sandbox escapes. The patches target flaws that could allow attackers to access…
New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms
Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a lure. Dubbed Noodlophile Stealer, this previously undocumented infostealer targets unsuspecting users by exploiting their enthusiasm for AI-powered content creation tools. Disguised as legitimate services promising…
Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques
Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has evolved with sophisticated PowerShell tools and advanced evasion tactics, leveraging fake CAPTCHA sites to deceive users. Active since mid-2022 and offered as Malware-as-a-Service (MaaS) by…