Cybersecurity researchers at Northeastern University and Dartmouth College have unveiled a groundbreaking attack technique that exploits fundamental parsing discrepancies in Web Application Firewalls (WAFs), potentially compromising the security of millions of websites worldwide. The research, dubbed “WAFFLED” (Web Application Firewall…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks
Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs)…
Lenovo Protection Driver Flaw Enables Privilege Escalation and Code Execution
A critical security vulnerability has been discovered in Lenovo’s protection driver software, affecting millions of users across desktop and laptop systems. The flaw, identified as CVE-2025-4657, allows local attackers with elevated privileges to execute arbitrary code through a buffer overflow…
Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer
Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving…
Threat Actors Exploit Ivanti Connect Secure Flaws to Deploy Cobalt Strike Beacon
Threat actors have been actively exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2025-0282 and CVE-2025-22457, to deploy advanced malware, including MDifyLoader and Cobalt Strike Beacon. These attacks, observed from December 2024 through July 2025, build on prior incidents involving SPAWNCHIMERA…
Russian Vodka Maker Beluga Struck by Ransomware Attack
Novabev Group, the parent company of premium vodka brand Beluga, has confirmed it was hit by a sophisticated ransomware attack on July 14, 2025, temporarily disrupting operations and affecting IT infrastructure across the company and its WineLab subsidiary. The Russian…
10 Best XDR (Extended Detection & Response) Solutions 2025
In 2025, the cybersecurity landscape is more fragmented and perilous than ever before. Organizations face an explosion of data sources, an increasing attack surface spanning endpoints, networks, cloud environments, and identities, and a relentless onslaught of sophisticated, multi-stage attacks. Traditional…
CISA Publishes 13 ICS Security Advisories on Critical Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen Industrial Control Systems (ICS) security advisories on July 17, 2025, highlighting critical vulnerabilities that could compromise essential infrastructure operations. This coordinated disclosure represents one of the most significant advisory releases of…
‘Daemon Ex Plist’ Vulnerability Grants Root Access on macOS
A newly disclosed vulnerability dubbed “Daemon Ex Plist” allows attackers to escalate privileges from standard user to root access on macOS systems, exploiting a timing flaw in how the operating system handles daemon configuration files. Security researcher Egor Filatov published details of…
Signal App Clone Vulnerability Actively Exploited for Password Theft
A critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords and sensitive data from government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CISA’s…