A sophisticated Browser-in-the-Browser (BitB) campaign that combines UI spoofing, concealed iframes and multiple anti-analysis checks to coerce victims into manually installing malware. The operation uses highly convincing fake browser windows layered over legitimate pages to simulate stalled document loads and…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID…
Samsung KNOX Kernel Flaw Exposes Galaxy Devices to Memory Corruption Attacks
Samsung has addressed a critical kernel vulnerability in its KNOX security framework that puts millions of Galaxy devices at risk of memory-corruption attacks, potentially allowing full device compromise. This issue, tracked as CVE-2026-20971, was discovered by LucidBit Labs and affects…
GTA 6 Early Access Scam Uses Fake VIP Pages to Steal Cryptocurrency Payments
A fresh wave of scam websites is exploiting the fevered anticipation for Grand Theft Auto VI, offering “VIP early access” in exchange for cryptocurrency payments and delivering nothing in return. These pages are carefully designed to look legitimate neon Vice…
Bajaj Auto Discloses Ransomware Cyberattack Impacting Company and Technology Unit
Bajaj Auto has reported a ransomware attack that affected its internal systems and those of its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL). This incident highlights the growing threat of cyberattacks targeting major manufacturing and automotive organizations. The attack…
CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the increasing risk to both enterprise and small-office network environments that rely on this…
Anthropic Launches Claude Tag AI Agent for Slack to Automate Enterprise Team Workflows
Anthropic has launched “Claude Tag,” a new AI agent capability designed to integrate seamlessly into Slack and automate workflows for enterprise teams. This announcement, made on June 23, 2026, signifies a growing synergy between collaborative platforms and autonomous AI systems.…
Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT
A sophisticated campaign by the actor tracked as “Dropping Elephant” that uses a China-themed decoy document and a heavily reworked, in-memory remote access trojan (RAT). The intrusion chain combines classic living-off-the-land techniques with modern in-memory execution: an LNK shortcut spawns…
Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation
The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero day vulnerabilities, and urged organizations to act immediately. In a statement released on June 22, 2026,…
LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens
A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred after attackers compromised OAuth tokens associated with enterprise integrations. This incident, disclosed by LastPass, underscores the ongoing risks…
Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any…
DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
A series of critical vulnerabilities in the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication.…
AWS Urges Organizations to Turn Outbound Blind Spots Into Monitored Checkpoints
When securing an Amazon Web Services (AWS) estate, teams naturally concentrate on inbound protections firewalls, WAFs, and IAM policies because those defenses stop the most visible attacks. Yet outbound traffic often remains under-monitored, left permissive to avoid breaking dependencies or…
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,000 files related to Apple and Tesla’s manufacturing operations. The leaked data, which is said to amount to more…
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an unknown actor, making the attack far more complex than a conventional ransomware case. The incident began…
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVSS score of 9.2…
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as CVE-2026-8461 and named “PixelSmash,” affects the MagicYUV decoder within FFmpeg’s libavcodec library and has a CVSS…
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once considered a legitimate marketing tool to route visitors to different content or offers, TDS infrastructure is…
FlutterShell Malware Uses C2-Delivered JavaScript Payloads to Evade Sandbox Detection
Targeted macOS endpoint monitoring, the CL-CRI-1089 cluster tied to Operation FlutterBridge repurposes the Flutter framework to deliver a novel macOS malware family dubbed FlutterShell. Rather than rehashing prior campaign reporting, this piece treats recovered artifacts as a technical detection case…
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely…