Sophisticated DevilsTongue Spyware Tracks Windows Users Worldwide
Insikt Group has uncovered new infrastructure tied to the Israeli spyware vendor Candiru, now operating under Saito Tech Ltd., highlighting the persistent deployment of its…
Category: GBHackers
Fake CAPTCHA Used in New ClickFix Attack to Deploy Malware Payload
ClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such…
WhatsApp Adds Security Feature to Help Users Spot and Avoid Malicious Messages
WhatsApp is rolling out enhanced security measures to combat the surge in scam messages targeting users worldwide, as criminal organizations increasingly exploit messaging platforms to…
Pandora Jewellery Hit by Cyberattack, Customer Data Compromised
Pandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company…
Rockwell Arena Simulation Flaws Allow Remote Execution of Malicious Code
Rockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena Simulation software that could allow attackers to execute malicious code remotely. The vulnerabilities,…
Adobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary Code
Adobe has released critical security updates for Adobe Experience Manager (AEM) Forms on Java Enterprise Edition following the discovery of two severe vulnerabilities that could…
Threat Actors Poison Bing Search Results to Distribute Bumblebee Malware via ‘ManageEngine OpManager’ Queries
Threat actors leveraged SEO poisoning techniques to manipulate Bing search results, directing users querying for “ManageEngine OpManager” to a malicious domain, opmanager[.]pro. This site distributed…
Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders
Unit 42 researchers have identified significant overlaps between Microsoft’s reported ToolShell exploit chain targeting SharePoint vulnerabilities and a tracked activity cluster dubbed CL-CRI-1040. This cluster,…
Chinese Hackers Breach Exposes 115 Million U.S. Payment Cards
Security researchers have uncovered a highly advanced network of Chinese-speaking cybercriminal syndicates orchestrating smishing attacks that exploit digital wallet tokenization, potentially compromising up to 115…
Trend Micro Apex One Hit by Actively Exploited RCE Vulnerability
Trend Micro has issued an urgent security bulletin warning customers of critical remote code execution vulnerabilities in its Apex One on-premise management console that are…
CISA Alerts on Ongoing Exploits Targeting D-Link Device Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its campaign to protect U.S. networks by adding three newly exploited D-Link device vulnerabilities to its…
Threat Actors Weaponizing RMM Tools to Gain System Control and Exfiltrate Data
Adversaries are using Remote Monitoring and Management (RMM) tools more frequently as dual-purpose weapons for initial access and persistence in the constantly changing world of…