Wednesday, May 14, 2025

Cyber Security News

Weaponized PyPI Package Targets Developers to Steal Source Code

Security researchers at RL have discovered a malicious Python package called "solana-token" on PyPI that is intended to prey on developers working with the...

Microsoft Alerts on AD CS Flaw Enabling Remote Denial-of-Service Attacks

Microsoft has issued a security advisory for a newly identified vulnerability in Active Directory Certificate Services (AD CS), tracked as CVE-2025-29968, which could allow...

Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure

EclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat...

Researchers Unveil New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse

A group of cybersecurity specialists from Hunters, working under the prestigious Team Axon, have presented sophisticated threat-hunting techniques in a ground-breaking research paper titled...

Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild

Microsoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild....

Critical Samsung MagicINFO 9 Server Flaw Allows Arbitrary File Writes

Samsung’s SmartTV and digital signage ecosystem faces renewed cybersecurity scrutiny following the disclosure of a critical path traversal vulnerability (CVE-2025-4632) in its MagicINFO 9...

Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access

Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2025-32709. This use-after-free...

Recent News

Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers...

Hackers Exploit PDF Invoices to Target Windows, Linux, and macOS Systems

A recent discovery by the FortiMail Incident Response team has revealed a highly sophisticated email campaign targeting organizations in Spain, Italy, and Portugal. This...

Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access

A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within...

Repeated Firmware Key-Management Failures Undermine Intel Boot Guard and UEFI Secure Boot

The security of fundamental technologies like Intel Boot Guard and UEFI Secure Boot has been seriously questioned due to persistent cryptographic key management issues...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware attacks during 2024, driven largely by sophisticated exploitation of...

New Supply Chain Attack Compromises Popular npm Package with 45,000 Weekly Downloads

An advanced supply chain attack has targeted the well-known npm package rand-user-agent, which receives about 45,000 downloads every week, in a worrying development for...

DOGE Employee Computer Infected with Malware and Leaked Data Found Info-Stealer Logs

Kyle Schutt, a 37-year-old DOGE employee identified in federal payroll records, has had his personal email address and associated passwords exposed in at least...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco Talos, active since at least January 2025. This campaign exploits...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a lure. Dubbed Noodlophile Stealer, this previously undocumented infostealer targets unsuspecting...

Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense – INE Security

INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures)...

Earth Ammit Hackers Deploy New Tools to Target Military Drones

The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking APTs, has emerged as a significant concern for military and...
