Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data
Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the…
Category: GBHackers
Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies
Researchers have discovered a complex campaign using trojanized software that uses authentic code-signing certificates to avoid detection and turn compromised machines into unintentional residential proxies,…
AI Website Generators Repurposed by Adversaries for Malware Campaigns
Adversaries are using AI-powered website builders to expedite the development of harmful infrastructure in a quickly changing threat landscape, hence reducing the entry barriers for…
Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft
The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial…
Threat Actors Abuse Internet Archive to Host Stealthy JScript Loader
An Malicious actors are using reliable internet resources, such as the Internet Archive, more frequently to disseminate clandestine malware components in a worrying increase in…
Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate…
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks
A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa,…
Kali Vagrant Rebuilt Released with Pre-Configured Command-Line VMs
Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating…
FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices
The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors…
Commvault Backup Suite Flaws Allow Attackers to Breach On-Premises Systems
Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution…
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by…
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a…