A sophisticated Brazilian banking trojan named TCLBANKER, deployed through a trojanized Logitech installer and capable of hijacking victims’ WhatsApp and Outlook accounts to spread itself to new targets. The campaign, tracked as REF3076, delivers TCLBANKER through a malicious MSI installer bundled inside…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Vidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device Data
A highly evasive multi-stage malware campaign deploying the Vidar Infostealer. First discovered in late 2018 and built on the Arkei stealer source code, Vidar is notorious for aggressively harvesting user credentials, browser session cookies, cryptocurrency wallets, and detailed system data.…
NVIDIA Confirms GeForce Data Breach Exposed Users’ Personal Data
GFN Cloud Internet Services, operating as the regional NVIDIA GeForce NOW cloud gaming partner, GFN.AM has officially confirmed a significant data breach. The security incident exposed personal information of users registered on their streaming platform. While the company has now…
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been designed for…
Modular RAT Campaign Steals Credentials and Captures Screenshots
A sophisticated spear-phishing campaign, dubbed Operation GriefLure, targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign focuses on high-value organizations, including Viettel Group Vietnam’s largest military-backed telecom provider and St. Luke’s Medical…
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from…
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
Hackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. The site…
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
A new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a stealthy command‑and‑control (C2) channel. During routine threat hunting, analysts observed a series of malicious wheel packages…
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
A critical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in…
Hackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto Tokens
Threat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wallet…
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges
The SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolation mechanism, allowing malicious…
Trellix Investigates RansomHouse Breach Claims Involving Source Code Repository
Leading cybersecurity firm Trellix is actively investigating a potential security incident following claims made by the RansomHouse extortion group. The threat actors recently listed Trellix on their dark web leak site, alleging a successful cyberattack against the prominent security vendor.…
Signed Logitech Installer Abused to Drop TCLBANKER Banking Trojan
Hackers are abusing a signed Logitech installer to stealthily deploy a new Brazilian banking trojan known as TCLBANKER, giving threat actors a powerful tool to steal financial data and self‑propagate through popular communication platforms. The malware specifically targets Brazilian users…
423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More
Mozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared a behind-the-scenes look at how they…
New Infostealer Campaign Abuses GitHub Releases to Hide Malware Payloads
A new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation combines social engineering, trusted cloud infrastructure, and multi-stage obfuscation to maintain long-term, covert access to victim machines.…
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
A newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for…
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly broke the responsible disclosure…
Multiple Critical Flaws Fixed in Next.js and React Server Components
Vercel has rolled out vital security updates for Next.js to address a wave of high-severity vulnerabilities affecting versions across the 13.x to 16.x branches. Published via GitHub advisories by Tim Neutkens, these flaws expose web applications to severe risks, including…
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and high-performance capabilities to package…
Fake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads
28 fake “call history” utilities on Google Play, collectively installed more than 7.3 million times, have been exposed as subscription scams that generate fabricated logs instead of real phone records, with several also bypassing Google’s official billing system to make…