Researchers from Duke University and Carnegie Mellon University have demonstrated successful jailbreaks of OpenAI’s o1/o3, DeepSeek-R1, and Google’s Gemini 2.0 Flash models through a novel attack method called Hijacking Chain-of-Thought (H-CoT). The research reveals how advanced safety mechanisms designed to…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
200 Malicious GitHub Repositories Distributing Malware to Developers
A sophisticated malware campaign dubbed GitVenom has infected over 200 GitHub repositories, targeting developers with fake projects masquerading as legitimate tools. The repositories, active for nearly two years, deploy stealers, remote access Trojans (RATs), and clippers to compromise systems and steal sensitive…
Silent Killers Exploit Windows Policy Loophole to Evade Detections and Deploy Malware
In a significant cybersecurity revelation, researchers have uncovered a large-scale campaign exploiting a Windows policy loophole to deploy malware while evading detection. The attack hinges on the abuse of a legacy driver, Truesight.sys (version 2.0.2), which contains vulnerabilities that allow…
Poseidon Stealer Targets Mac Users via Fake DeepSeek Website
Cybersecurity researchers uncovered a sophisticated malware campaign targeting macOS users through a fraudulent DeepSeek.ai interface. Dubbed “Poseidon Stealer,” this information-stealing malware employs advanced anti-analysis techniques and novel infection vectors to bypass Apple’s latest security protocols, marking a significant escalation in…
Beware of Fake Job Interview Challenges Targeting Developers to Deliver Malware
A new wave of cyberattacks, dubbed “DeceptiveDevelopment,” has been targeting freelance developers through fake job interview challenges, according to ESET researchers. These attacks, linked to North Korea-aligned threat actors, involve malicious software disguised as coding tasks or projects. The primary…
New Phishing Attack Targets Amazon Prime Users to Steal Login Credentials
A new phishing campaign targeting Amazon Prime users has been identified, aiming to steal login credentials and other sensitive information, including payment details and personal verification data. The attack, analyzed by the Cofense Phishing Defense Center (PDC), uses a carefully…
LightSpy Malware Expands With 100+ Commands to Target Users Across All Major OS Platforms
The LightSpy surveillance framework has significantly evolved its operational capabilities, now supporting over 100 commands to infiltrate Android, iOS, Windows, macOS, and Linux systems, and routers, according to new infrastructure analysis. First documented in 2020, this modular malware has shifted…
Critical RCE Vulnerability in MITRE Caldera – Proof of Concept Released
A critical remote code execution (RCE) vulnerability has been uncovered in MITRE Caldera, a widely used adversarial emulation framework. The flaw (CVE-2025-27364) affects all versions prior to commit 35bc06e, potentially exposing systems running Caldera servers to unauthenticated attacks. Attackers can exploit…
CISA Alerts: Oracle Agile Vulnerability Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile Product Lifecycle Management (PLM) software. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February…
KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack, KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive…