The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally, as their modus operandi involves encrypting files and stealing data before demanding ransom via Telegram. The group utilizes the .NET-based Chaos ransomware builder to create their…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chinese Hackers Charged for Multi-Year Spear-Phishing Attacks
Song Wu, a Chinese national, has been indicted on charges of wire fraud and aggravated identity theft. The charges stem from his alleged involvement in a sophisticated spear-phishing campaign targeting sensitive U.S. research and technology. This case highlights ongoing concerns…
Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!
Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher Raymond identified these vulnerabilities, which have been assigned multiple CVE IDs and pose severe threats to users worldwide. D-Link has issued urgent firmware updates to mitigate…
Windows MSHTML Zero-Day Vulnerability Exploited In The Wild
Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8. Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro,…
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks
Medusa, a relatively new ransomware group, has gained notoriety for its dual-pronged online presence. Unlike its peers, Medusa maintains a visible profile on the surface web alongside its traditional dark web operations. This unusual strategy has amplified its impact, with…
Azure API Management Vulnerability Let Attackers Escalate Privileges
A vulnerability in Azure API Management (APIM) has been identified. It allows attackers to escalate privileges and access sensitive information. This issue arises from a flaw in the Azure Resource Manager (ARM) API, which permits unauthorized access to critical resources.…
Spring Framework Vulnerability Let Attackers obtain Any Files from the System
A newly discovered vulnerability in the Spring Framework has been identified, potentially allowing attackers to access any file on the system. This vulnerability tracked as CVE-2024-38816, affects applications using the functional web frameworks WebMvc.fn or WebFlux.fn. It is classified as…
CISA Urges Agencies to Upgrade or Remove End-of-Life Ivanti Appliance
The Cybersecurity and Infrastructure Security Agency (CISA) has called upon federal agencies and organizations to take immediate action concerning a critical vulnerability affecting Ivanti Cloud Services Appliance (CSA) 4.6. The vulnerability, CVE-2024-8190, poses a significant threat as it allows cyber…
Crimson Palace Returns With New Hacking Tolls And Tactics
Cluster Bravo, despite its brief initial activity, subsequently targeted 11 organizations in the same region, as researchers found that these attackers used compromised environments within the same vertical for malware staging. Cluster Charlie, after being disrupted, returned with new techniques,…
Kali Linux 2024.3 Released With New Hacking Tools
Kali Linux 2024.3, the most recent iteration of Offensive Security’s highly regarded Debian-based distribution designed for ethical hacking and penetration testing, has been released. This new release is a major update that includes 11 new hacking tools and focuses on…