Cybersecurity News
-
New GitHub Scam Uses Fake “Mods” and “Cracks” to Steal User Data
A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting. Security…
Read More » -
Hackers can Crack Into Car Cameras Within Minutes Exploiting Vulnerabilities – GBHackers Security
At the upcoming Black Hat Asia 2025 conference, cybersecurity experts will unveil a groundbreaking vulnerability in modern dashcam technology, exposing how hackers can exploit these devices to breach privacy and…
Read More » -
Network Penetration Testing Checklist – 2025
Network penetration testing is a cybersecurity practice that simulates cyberattacks on an organization’s network to identify vulnerabilities and improve security defenses. Ethical hackers, or penetration testers, use tools and techniques…
Read More » -
PingAM Java Agent Vulnerability Allows Attackers to Bypass Security
A critical security flaw (CVE-2025-20059) has been identified in supported versions of Ping Identity’s PingAM Java Agent, potentially enabling attackers to bypass policy enforcement and access protected resources. The vulnerability—classified…
Read More » -
Chinese Hackers Exploit Check Point VPN Zero-Day to Target Organizations Globally
A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched Check Point VPN vulnerability (CVE-2024-24919) to infiltrate organizations across Europe, Africa, and the Americas, according to…
Read More » -
Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations
Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved into a sophisticated tool for cyber warfare and influence operations. Recent research highlights how state-sponsored actors…
Read More » -
Chinese Hackers Breach Belgium State Security Service as Investigation Continues
Belgium’s State Security Service (VSSE) has suffered what is being described as its most severe security breach to date. For nearly two years, a group of Chinese hackers exploited a…
Read More » -
New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access
Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable new threat: “Pass-the-Cookie” attacks. Recent findings reveal from Long Wall shows that threat actors exploit browser session…
Read More » -
Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications
The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been identified leveraging legitimate cloud services like Dropbox, Twitter, and Zimbra for command-and-control (C2) communications in…
Read More » -
Google’s SafetyCore App Secretly Scans All Photos on Android Devices
Recent revelations about Google’s SafetyCore app have ignited a firestorm of privacy debates, echoing Apple’s recent controversy over photo scanning. The app, silently installed on Android devices via system updates,…
Read More » -
GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts
GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that could allow attackers to bypass security mechanisms, execute malicious scripts, and access sensitive data. The…
Read More » -
Silver Fox APT Hackers Target Healthcare Services to Steal Sensitive Data
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox, has been uncovered, targeting healthcare services in North America. The attackers exploited Philips DICOM Viewer…
Read More » -
MITRE Releases OCCULT Framework to Address AI Security Challenges
MITRE has unveiled the Offensive Cyber Capability Unified LLM Testing (OCCULT) framework, a groundbreaking methodology designed to evaluate risks posed by large language models (LLMs) in autonomous cyberattacks. Announced on…
Read More » -
Hackers Evade Outlook Spam Filters to Deliver Malicious ISO Files
A newly discovered technique allows threat actors to circumvent Microsoft Outlook’s spam filters to deliver malicious ISO files, exposing organizations to sophisticated phishing campaigns. The bypass leverages hyperlink obfuscation to…
Read More » -
Google Introduces Quantum-Safe Digital Signatures in Cloud KMS
Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview. This move aligns with the National Institute of Standards and…
Read More » -
Critical UniFi Protect Camera Vulnerability Enables Remote Code Execution Attacks
Ubiquiti Networks has issued an urgent security advisory (Bulletin 046) warning of multiple critical vulnerabilities in its UniFi Protect camera ecosystem, including a high-severity remote code execution (RCE) flaw that…
Read More » -
New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency
A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to the fintech and cryptocurrency sectors. Any.run researchers discovered zhong malware during a phishing campaign between December…
Read More »