-
1 month ago | 
gbhackers.com | Aman Mishra
In recent years, phishing has remained the most prevalent form of cyberattack, with approximately 1.2% of global email traffic.
-
1 month ago | 
gbhackers.com | Aman Mishra
SIM swapping fraud continues to pose a significant threat to individuals and financial institutions, despite ongoing efforts.
-
Jan 17, 2025 | 
gbhackers.com | Aman Mishra
Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing campaigns are delivered via Telegram and use unique URLs to route users to credential-capturing counterfeit login pages. These pages masquerade as popular services and steal login credentials along with multifactor authentication tokens via HTTP POST requests to adversary-controlled backend servers.
-
Jan 16, 2025 | 
gbhackers.com | Aman Mishra
An attacker exploited a vulnerability in the batchupload.aspx and email_settings.aspx pages on the target server that allowed them to upload a malicious web shell to the IIS worker process (w3wp.exe). They initially attempted to upload a web shell to another location but failed to interact with it. Network traffic analysis revealed the source of the attack originated from IP address 86.48.10[.]109 using a forged user-agent string to mimic a legitimate Chrome browser.
-
Jan 16, 2025 | 
gbhackers.com | Aman Mishra
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024 that leveraged a 0DAY vulnerability on cnPilot routers and used RC4 encryption for sample strings. After a brief pause in September, the botnet reappeared in October with the name kitty and was updated again in November as AIRASHI.
-
Jan 16, 2025 | 
gbhackers.com | Aman Mishra
Botnets are the networks of compromised devices that have evolved significantly since the internet’s inception. Threat actors exploit vulnerabilities to control these devices remotely by leveraging them for malicious activities.
-
Jan 13, 2025 | 
gbhackers.com | Aman Mishra
Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server. Evidence suggests data exfiltration to cloud storage as this APT group targets various industries and aims for long-term persistence for data collection.
-
Jan 13, 2025 | 
gbhackers.com | Aman Mishra
Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims. The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links.
-
Jan 13, 2025 | 
gbhackers.com | Aman Mishra
Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging. Password protection and encoding techniques further complicate analysis and evade early sandbox detection. Once a system is compromised, malware can steal sensitive data from web browsers by exploiting credential storage mechanisms.
-
Jan 10, 2025 | 
gbhackers.com | Aman Mishra
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”). These malicious PoCs, often disguised as tools to demonstrate the vulnerability’s impact, are designed to trick security researchers and system administrators into downloading and executing them.
