The Federal Bureau of Investigation (FBI) issued a critical alert through its Internet Crime Complaint Center (IC3) warning of a novel cyber extortion campaign targeting corporate executives. Criminal actors impersonating the notorious BianLian ransomware group are leveraging physical mail to…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Apache Pinot Vulnerability Allows Remote Attackers to Bypass Authentication
A critical security flaw (CVE-2024-56325) in Apache Pinot, a real-time distributed OLAP datastore, has been disclosed, allowing unauthenticated attackers to bypass authentication controls and gain unauthorized access to sensitive systems. Rated 9.8 on the CVSS scale, this vulnerability exposes organizations…
Implementing Identity First Security for Zero Trust Architectures
Zero Trust is a security framework that operates under the assumption that no implicit trust exists within a network. Every request for access must be verified, regardless of whether it comes from within or outside the organization. Identity First Security…
Identifying Cyber Attack Patterns Through Threat Actor Infrastructure Analysis
Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat actor infrastructure, providing valuable insights into cyber attack patterns and attribution techniques. Decoding Threat Actor Infrastructure: A Case Study The research team demonstrated their approach…
Cybercriminals Exploit Compromised Email Servers for Fraudulent Campaigns
Trend Micro’s Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack that targeted multiple business partners. The incident, which occurred over several days, involved the exploitation of a compromised email server to orchestrate a complex fraud…
Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks
Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content.…
Detecting Malicious Activities With Traffic Distribution Systems
Traffic Distribution Systems (TDS) have emerged as critical tools for both legitimate and malicious purposes, serving as sophisticated redirection networks that manage traffic flow across multiple endpoints. While businesses use TDS to optimize marketing campaigns and improve service reliability, cybercriminals…
InvokeADCheck – New Powershell Module for Active Directory Assessment
Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline Active Directory (AD) assessments. Created by Niels Hofland and colleague Justin, this tool aims to address the challenges faced by IT administrators and security professionals…
Sitecore Zero-Day Flaw Allows Remote Code Execution
A critical zero-day vulnerability in Sitecore’s enterprise content management system (CMS) has been uncovered, enabling unauthenticated attackers to execute arbitrary code on affected servers. Designated CVE-2025-27218, this pre-authentication remote code execution (RCE) flaw resides in Sitecore versions up to 10.4 and…
Apache Airflow Misconfigurations Leak Login Credentials to Hackers
A recent investigation into misconfigured Apache Airflow instances has uncovered critical vulnerabilities exposing login credentials, API keys, and cloud service access tokens to potential attackers. These workflow platform misconfigurations—primarily caused by insecure coding practices and outdated deployments—have compromised data security…