Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March…
Threat Actors Leverage Reddit to Spread AMOS and Lumma Stealers
In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS (Atomic Stealer) and Lumma Stealer. These malware types are specifically designed to target cryptocurrency traders by offering cracked versions of…
Albabat Ransomware Targets Windows, Linux, and macOS via GitHub Abuse
Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploiting multiple operating systems…
Over 150 US Government Database Servers Vulnerable to Internet Exposure
A recent open-source investigation has uncovered one of the largest exposures of US government data to cyber threats. More than 150 government database servers are currently exposed to the internet, leaving sensitive personal and national security information at an unprecedented…
UAT-5918 Hackers Exploit N-Day Vulnerabilities in Exposed Web and Application Servers
A recent cybersecurity threat, identified as UAT-5918, has been actively targeting entities in Taiwan, particularly those in critical infrastructure sectors such as telecommunications, healthcare, and information technology. This advanced persistent threat (APT) group is believed to be motivated by establishing…
Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now
A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. This vulnerability allows attackers to potentially execute remote code (RCE) if successfully exploited. The cybersecurity firm GreyNoise has identified multiple IPs…
Veeam RCE Vulnerability Allows Domain Users to Hack Backup Servers
Researchers uncovered critical Remote Code Execution (RCE) vulnerabilities in the Veeam Backup & Replication solution. These vulnerabilities, which include CVE-2025-23120, exploit weaknesses in deserialization mechanisms, potentially allowing any domain user to gain SYSTEM access to Veeam backup servers. This is…
MEDUSA Ransomware Deploys Malicious ABYSSWORKER Driver to Disable EDR
In a recent analysis by Elastic Security Labs, a malicious driver known as ABYSSWORKER has been identified as a key component in the MEDUSA ransomware attack chain. This driver is specifically designed to disable endpoint detection and response (EDR) systems,…
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to…