Category: GBHackers

TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
23 Oct 2025

The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used…

BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
23 Oct 2025

The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally….

PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
23 Oct 2025

A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare…

Critical MCP Server Flaw Exposes Over 3,000 Servers and Thousands of API Keys
23 Oct 2025

A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and…

Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
22 Oct 2025

In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security…

Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories
22 Oct 2025

Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical…

Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
22 Oct 2025

Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated…

Injecting Malicious Code into RMClient to Evade EDR
22 Oct 2025

CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting…

SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion
22 Oct 2025

SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism…

Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
22 Oct 2025

Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a…

Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
22 Oct 2025

In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and…

Direct Memory Attacks Used to Capture Browser Credentials
22 Oct 2025

On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums,…