Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware

Threat Score:
56
GB Hackers
4 days ago

Overview

Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software development and IT sectors to infiltrate a wide array of United States-based organizations. This operation leverages intricate social engineering techniques, where attack...

Related Articles

5 articles
2
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data

Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data

GB Hackers 3 hours ago

Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data Microsoft security researchers have uncovered four critical vulnerabilities inWindows BitLockerthat could allow attackers with physical access to bypass the encryption system and extract sensitive data. The findings, revealed in research dubbed “BitUnlocker,” demonstrate sophisticated attack methods targeting the Windows Recovery Environment (WinRE) to circumvent Microsoft’s flagship data protection technology

Score
82
Read more
3

CastleBot MaaS Released Diverse Payloads in Coordinated Mass Ransomware Attacks

GB Hackers 7 hours ago

CastleBot MaaS Released Diverse Payloads in Coordinated Mass Ransomware Attacks IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a spectrum of payloads ranging from infostealers to sophisticated backdoors implicated in ransomware operations. First detected in early 2025 with heightened activity since May, CastleBot facilitates the delivery of threats likeNetSupportand WarmCookie, which have his

Score
79
Read more
4

Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability

GB Hackers 4 hours ago

Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on the public internet, vulnerable to a critical security flaw designatedCVE-2025-53786. This high-severity vulnerability, which carries a CVSS score of 8.0 out of 10, enables attackers with administrative access to on-premises Exchange servers to escalate privileges wi

Score
78
Read more
5

Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox

GB Hackers 4 hours ago

Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX domain sockets, affects Linux kernel

Score
78
Read more