A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals and enterprises. Developed in C# using the .NET framework, this 32-bit GUI-based Windows executable targets sensitive user data with a focused and efficient approach. First observed…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
VMware Tools Vulnerability Allows Attackers to Modify Files and Launch Malicious Operations
Broadcom-owned VMware has released security patches addressing a moderate severity insecure file handling vulnerability in VMware Tools, tracked as CVE-2025-22247 with a CVSS base score of 6.1. The vulnerability allows non-administrative users to manipulate files within guest virtual machines to…
Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner
The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers and a scanner for OPNSense firewalls. The release also enhances diagnostic tools and addresses critical bugs,…
Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
Google Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms-core components of Apple’s operating system. Their public research details how low-level message passing between privileged and sandboxed…
Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access
A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within Microsoft Entra ID, exploiting outdated methods to sidestep modern security measures like Multi-Factor Authentication (MFA) and…
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in…
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The…
Defendnot: A Tool That Disables Windows Defender by Registering as Antivirus
Cybersecurity developers have released a new tool called “defendnot,” a successor to the previously DMCA-takedown-affected “no-defender” project. This innovative utility leverages undocumented Windows Security Center APIs to disable Windows Defender by registering itself as a third-party antivirus solution. The developer…
Hackers Abuse Copilot AI in SharePoint to Steal Passwords and Sensitive Data
Microsoft’s Copilot for SharePoint, designed to streamline enterprise collaboration through generative AI, has become an unexpected weapon for cybercriminals targeting organizational secrets. Recent findings from cybersecurity researchers reveal that attackers are exploiting AI agents embedded in SharePoint sites to bypass…
Microsoft Teams to Safeguard Meetings by Blocking Screen Snaps
Microsoft has announced the upcoming release of a groundbreaking “Prevent Screen Capture” feature for Teams, designed to block unauthorized screenshots and recordings during virtual meetings. The new capability, slated for worldwide deployment in July 2025, underscores Microsoft’s increasing commitment to…