EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through…
Category: GBHackers
Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows
Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim. This strategic shift…
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3
The release of Kali Linux 2025.4 marks a significant milestone for the ethical hacking distribution, bringing major architectural changes and a suite of fresh tools. This update…
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws were…
Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams
Researcher has officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers. This latest…
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs. The…
Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files
Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The…
ConsentFix Attack Lets Hackers Hijack Microsoft Accounts via Azure CLI Abuse
Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft…
New AiTM Attack Campaign Bypasses MFA to Target Microsoft 365 and Okta Users
Cybersecurity researchers at Datadog have uncovered a sophisticated adversary-in-the-middle phishing campaign targeting organizations that use Microsoft 365 and Okta for single sign-on authentication. The campaign…
10,000+ Docker Hub Images Exposed with Live Production Credentials from 100+ Firms
A comprehensive security analysis has uncovered a critical vulnerability in container image distribution: more than 10,000 Docker Hub images containing leaked production credentials from over…
CISA Alerts on Active Exploitation of Windows Cloud Files Mini Filter 0-Day
A critical privilege escalation vulnerability in Microsoft Windows Cloud Files Mini Filter Driver is now under active exploitation, according to a new Cybersecurity and Infrastructure…
Researchers Revive 2000s ‘Blinkenlights’ to Extract Smartwatch Firmware via Screen Pixels
Security researchers have successfully extracted firmware from a cheap JieLi-based smartwatch by reviving an obscure 2000s attack technique that transmits sensitive data through display pixels.…