A sophisticated phishing campaign has been uncovered by Fortinet’s FortiGuard Labs, targeting Windows users with malicious Word documents designed to steal sensitive data. Disguised as legitimate sales orders, these emails trick recipients into opening attachments that exploit a known vulnerability,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Cookie-Bite Attack Enables MFA Bypass and Persistent Cloud Server Access
Researchers have exposed a sophisticated cyberattack technique dubbed the “Cookie-Bite Attack,” which allows adversaries to bypass Multi-Factor Authentication (MFA) and maintain persistent access to cloud servers such as Microsoft 365, Azure Portal, and Teams. This method leverages stolen browser cookies,…
Synology Network File System Vulnerability Allows Unauthorized File Access
A critical security vulnerability in Synology’s Network File System (NFS) service, tracked as CVE-2025-1021, has been resolved after allowing unauthorized remote attackers to access sensitive files on vulnerable DiskStation Manager (DSM) devices. The flaw, marked as “Important” in severity by…
Hackers Deploy New Malware Disguised as Networking Software Updates
A sophisticated backdoor has been uncovered targeting major organizations across Russia, including government bodies, financial institutions, and industrial sectors. This malware, distributed under the guise of legitimate updates for ViPNet a widely used software suite for creating secure networks poses…
Super-Smart AI Could Launch Attacks Sooner Than We Think
In a development for cybersecurity, large language models (LLMs) are being weaponized by malicious actors to orchestrate sophisticated attacks at an unprecedented pace. Despite built-in safeguards akin to a digital Hippocratic Oath that prevent these models from directly aiding harmful…
Zyxel Releases Patches for Privilege Management Vulnerabilities in Firewalls
Zyxel, a leading provider of secure networking solutions, has released critical security patches to address two privilege management vulnerabilities in the USG FLEX H series firewalls. The flaws, tracked as CVE-2025-1731 and CVE-2025-1732, could allow authenticated local attackers to escalate…
CrowdStrike Launches Falcon® Privileged Access with Advanced Identity Protection
CrowdStrike today announced the general availability of Falcon® Privileged Access, a breakthrough module in its Falcon® Identity Protection suite, aimed at redefining identity security for modern organizations. This launch positions CrowdStrike’s AI-native Falcon platform as the only solution capable of…
CISA Issues Five ICS Advisories Highlighting Critical Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released five urgent advisories on April 22, 2025, targeting critical vulnerabilities in widely-used Industrial Control Systems (ICS) from Siemens, ABB, and Schneider Electric. With the increasing frequency and severity of cyberattacks…
Marks & Spencer Confirms Cyberattack Disrupting Payments and Online Orders
Leading British retailer Marks & Spencer Group plc (M&S) has confirmed it has been grappling with a cyberattack over the past several days, causing temporary disruptions to payment processing and online orders. According to an official company statement, the incident…
Google Cloud Composer Flaw Allows Attackers to Gain Elevated Privileges
Research disclosed a now-patched high-severity vulnerability in Google Cloud Platform’s (GCP) Cloud Composer service, dubbed ConfusedComposer. It could have allowed attackers to hijack cloud workflows and gain control over critical resources. The flaw highlights risks in automated cloud service orchestration. What…