A critical zero-day vulnerability in Cisco Catalyst SD-WAN infrastructure, tracked as CVE-2026-20127, is currently under active exploitation by highly sophisticated threat actors. The situation has grown considerably more severe following the public release of a working Proof-of-Concept (PoC) exploit, which…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actors Exploit Fake Claude Code Downloads to Deploy Infostealer Malware
Threat actors are abusing interest in Anthropic’s Claude Code tools by setting up fake download pages that ultimately drop a lightweight infostealer via mshta.exe. The campaign shows how a single living‑off‑the‑land binary (LOLBIN) can power an effective data‑theft chain without any…
RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal
Threat actors are abusing a new Linux-based toolkit dubbed RingH23 to silently compromise MacCMS-based video sites and hijack CDN infrastructure at scale, redirecting millions of users to gambling, pornography, and fraud platforms. Evidence shows Funnull has re-emerged with a fully…
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large‑scale digital asset theft. The intrusions show a full kill chain from initial access…
Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User
A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS score of 10.0 and requires nothing more than…
Top 10 Best Cybersecurity Marketing Agencies to Watch in 2026
As the digital threat landscape continues to evolve rapidly, the marketplace for security solutions has become fiercely congested. For B2B vendors, whether you are selling enterprise Zero Trust architecture, dark web monitoring tools, or consumer-grade privacy software, standing out requires…
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts
A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious…
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities
Google released an urgent security update for its Chrome browser to address 10 vulnerabilities. Deployed on March 3, 2026, this stable channel update fixes three critical flaws and seven high-severity issues. The emergency patch protects users from potential exploits that…
Cisco Secure Firewall Management Flaw Allows Remote Code Execution
Cisco recently disclosed a critical security vulnerability affecting its Secure Firewall Management Centre (FMC) software. This severe flaw carries a maximum severity score of 10.0 and allows unauthenticated, remote attackers to execute arbitrary code with root privileges. CVE ID CVSS…
RedAlert Mobile Espionage Campaign Exploits Trojanized Rocket Alert App to Spy on Civilians
A newly discovered mobile espionage operation dubbed “RedAlert” has surfaced amid the ongoing Israel–Iran conflict, exploiting wartime fear and dependency on early-warning systems. The campaign targets civilians by distributing a trojanized version of the Israeli Home Front Command’s official Rocket Alert application, aiming…
Threat Actors Intensify Targeting of IP Cameras Across the Middle East Amid Ongoing Conflict
Cyber operations have once again become an integral component of the ongoing conflict across the Middle East, with researchers identifying a wave of attacks against Internet-connected IP cameras beginning on February 28, 2026. According to CPR, the observed campaigns appear to…
Cisco Secure Firewall Vulnerability Exposes Networks to Authentication Bypass Attacks
Cisco recently disclosed a critical vulnerability in its Secure Firewall Management Centre (FMC) Software that allows unauthenticated remote attackers to gain complete root access to affected devices. Holding a maximum severity CVSS score of 10.0, this flaw demands immediate attention…
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
Cisco has issued critical software updates to address multiple vulnerabilities in the Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow attackers to bypass authentication, elevate privileges to root, and execute arbitrary commands. The advisory (cisco-sa-sdwan-authbp-qwCX8D4v), originally published on February…
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
The FBI, working alongside international law enforcement agencies, has successfully dismantled the notorious cybercriminal forum LeakBase. Dubbed “Operation Leak,” this coordinated global effort resulted in the seizure of the platform’s domains and its underlying infrastructure. LeakBase was a prominent online…
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
Microsoft, Europol, and industry partners have successfully dismantled the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. Operating since August 2023, this immense adversary-in-the-middle (AiTM) operation allowed cybercriminals to bypass multi-factor authentication (MFA) and infiltrate over 96,000 distinct victims globally. This coordinated disruption…
Cyberattack Alert: Hackers Impersonate LastPass Support to Steal Vault Passwords
A new phishing campaign impersonating LastPass support emails is targeting users to steal their vault passwords and account credentials. The phishing campaign uses fake email chains that appear to be forwarded internal messages about suspicious account activity. Attackers craft messages to make it appear that…
Honeywell Controllers Widely Exposed Without Authentication
Security researchers at Zero Science Lab have disclosed a critical vulnerability in Honeywell’s Trend IQ4xx series of Building Management System (BMS) controllers, revealing that the devices expose their full web-based Human-Machine Interface (HMI) without any authentication in their factory-default configuration.…
Iran‑Linked “Dust Specter” APT Deploys AI‑Aided Malware Against Iraqi Officials
Iran‑nexus APT group “Dust Specter” is targeting Iraqi government officials with AI‑assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in‑memory PowerShell, and ClickFix‑style lures. In January 2026, Zscaler ThreatLabz tracked a new campaign against Iraqi officials…
CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Qualcomm chipset vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 3, 2026, confirming active exploitation in the wild. The flaw, tracked as CVE-2026-21385, affects multiple Qualcomm chipsets and…
New Threat Report: AI Accelerates High-Velocity Cyber Attacks
Cyberattacks are shifting from “breaking in” to simply “logging in,” with AI now automating high-speed operations that overwhelm human defenders. Cloudforce One describes MOE as a cold ratio of effort to operational outcome, and modern threat actors are optimizing every…