Threat actors have been observed exploiting file upload vulnerabilities to deploy web shells and advanced malware on both Windows and Linux systems. The campaign, which showcases a blend of publicly available tools and custom malicious payloads, indicates a highly coordinated…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Beware of Trending TikTok Videos Promoting Pirated Apps That Deliver Stealer Malware
A sophisticated social engineering campaign has surfaced on TikTok, leveraging the platform’s massive user base and algorithmic reach to distribute information-stealing malware, specifically Vidar and StealC. Identified by Trend Research, this attack uses potentially AI-generated videos to deceive users into…
Weaponized DeepSeek Installers Deploy Sainbox RAT and Hidden Rootkit
Netskope Threat Labs has uncovered a malicious campaign exploiting fake software installers, including those mimicking popular tools like DeepSeek, Sogou, and WPS Office, to deliver dangerous malware payloads such as the Sainbox RAT (a variant of Gh0stRAT) and the Hidden…
Cybercriminals Exploit CapCut Popularity to Steal Apple ID Credentials and Credit Card Data
Threat actors have capitalized on the immense popularity of CapCut, the leading short-form video editing app, to orchestrate a highly deceptive phishing campaign. According to the Cofense Phishing Defense Center (PDC), attackers are deploying meticulously crafted fake invoices that impersonate…
Malicious Passlib Python Package Triggers Windows Shutdowns with Invalid Inputs
A deceptive and destructive Python package named psslib, uncovered by Socket’s Threat Research Team, poses a severe risk to developers by masquerading as a legitimate password security solution. Published by the threat actor identified as umaraq, this malicious package typosquats…
Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
In a recent discovery by the CYFIRMA research team, a sophisticated malware campaign dubbed Odyssey Stealer has been uncovered, targeting macOS users through a deceptive method known as Clickfix tactics. This campaign leverages typosquatted domains, malicious websites mimicking legitimate ones…
Exploitation of Microsoft 365 Direct Send to Deliver Phishing Emails as Internal Users
A sophisticated phishing campaign targeting over 70 organizations, predominantly in the US, has been uncovered by Varonis’ Managed Data Detection and Response (MDDR) Forensics team. This campaign, active since May 2025, exploits a lesser-known feature of Microsoft 365 called Direct…
Threat Actors Leverage Windows Task Scheduler to Embed Malware and Maintain Persistence
A comprehensive follow-up analysis to the FortiGuard Incident Response Team’s (FGIR) investigation titled “Intrusion into Middle East Critical National Infrastructure” has revealed a protracted cyberattack that targeted critical national infrastructure (CNI) in the Middle East. This is a startling revelation.…
Leeds United And Reflectiz Partner To Share Insights On Proactive Web Security After Cyber Attack
Leeds, UK, June 27th, 2025, CyberNewsWire – Leeds United FC, a globally recognized football club, and Reflectiz, a leading provider of proactive web security, today announced an upcoming webinar titled “Beyond the Breach: How Leeds United Achieved Proactive Web Security After a…
Microsoft Teams to Auto-Detect Work Location Using Company Wi-Fi
Microsoft Teams is set to introduce a new feature that will automatically detect and set users’ work locations when they connect to their organization’s Wi-Fi network, marking a significant step forward in streamlining the hybrid workplace experience. The feature, scheduled…