ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access
During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers…
Category: GBHackers
PoisonSeed Threat Actor Strengthens Credential Theft Operations with New Domains
Spoof the email delivery platform SendGrid and employ fake Cloudflare CAPTCHA interstitials to lend legitimacy before redirecting unsuspecting users to credential harvesting pages. Since June…
NVIDIA NVDebug Tool Vulnerability Lets Attackers Gain Elevated System Access
A critical vulnerability in NVIDIA’s NVDebug tool could allow attackers to gain elevated system access, execute code, or tamper with data. NVIDIA released a security…
DDoS Mitigation Provider Hit by Massive 1.5 Billion Packets Per Second Attack
FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack…
Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar—despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs…
ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability
The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by…
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to…
HackerOne Data Breach, Hackers Illegally Access Salesforce Environment
HackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach. The incident stemmed from an…
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed…
Google Drive Desktop for Windows Flaw Lets Users Gain Full Access to Others’ Drives
Millions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for…
Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Enables Admin Takeover
The Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with…
Meta Verified Scam Ads on Facebook Steal User Account Details
Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new…