Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations. The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Juniper Issues Warning About Critical Authentication Bypass Vulnerability
Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over…
ChatGPT Operator Prompt Injection Exploit Leaks Private Data
According to recent findings by cybersecurity researcher Johann Rehberger, OpenAI’s ChatGPT Operator, an experimental agent designed to automate web-based tasks, faces critical security risks from prompt injection attacks that could expose users’ private data. In a demonstration shared exclusively with…
Earth Preta APT Exploit Microsoft Utility Tool & Bypass AV Detection to Control Windows
Researchers from Trend Micro’s Threat Hunting team have uncovered a sophisticated cyberattack campaign by the advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda. The group has been leveraging new techniques to infiltrate systems and evade detection,…
LibreOffice Vulnerabilities Allow Attackers to Write to Files and Extract Data
Two critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) expose millions of users to file system manipulation and sensitive data extraction attacks. These flaws affect both desktop users opening malicious documents and server-side systems using LibreOffice for headless document processing. CVE-2024-12425:…
Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection
Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between initial system compromise and the deployment of encryption, now standing at just 17 hours, according to recent cybersecurity analyses. This marks a significant shift from earlier…
Beware! Fake Outlook Support Calls Leading to Ransomware Attacks
Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and organizations across Germany. This operation appears to be linked to a ransomware group employing sophisticated social engineering tactics. The attackers impersonate Microsoft Outlook support personnel, aiming…
New XCSSET Malware Targets macOS Users Through Infected Xcode Projects
Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant…
Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB
A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered, exposing enterprise networks to credential theft and lateral attacks. The flaw, discovered by Rapid7 Principal IoT Researcher Deral Heiland, enables malicious actors to intercept Lightweight Directory…
Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers
Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE). These attacks exploit vulnerabilities in WordPress core features and plugins, allowing hackers to gain unauthorized access, execute arbitrary code, and maintain control…