Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above…

Read more →

Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as…

Read more →

PuTTY 0.84 has been released with three minor security fixes that address issues that could allow remote attackers to crash the client or trick users during insecure sessions. Although the vulnerabilities are classified as low severity, they affect core components…

Read more →

Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channels and real-time account takeover techniques. Unlike conventional SMS phishing, RCS and iMessage operate over data networks with…

Read more →

Multiple memory safety bugs in 7‑Zip 26.00 allow remote attackers to leak sensitive data and, in at least one case, execute arbitrary code when a victim opens a crafted archive file. GitHub Security Lab has disclosed a critical heap buffer…

Read more →

A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that deploy Cobalt Strike beacons via deceptive PDF/LNK files. The attackers crafted emails that impersonate official university communications, urging students and…

Read more →

Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, all operated by a single threat actor using a fake “patriot” persona. Trend Micro researchers recently documented how a…

Read more →

Anthropic is preparing to expand access to its most advanced AI model, Claude Mythos, signaling a shift from tightly controlled deployment to a staged commercial rollout under a new version labeled Mythos 1. The move suggests the company is transitioning…

Read more →

Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event…

Read more →

Hackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according to findings from Mandiant’s Google Threat Intelligence Group. The flaw, tracked as CVE-2026-5426, enables unauthenticated remote code execution through…

Read more →

A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its Python-based InvisibleFerret malware into compiled binary modules. InvisibleFerret was previously deployed as readable Python scripts, making it easier…

Read more →

A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025…

Read more →

Italian law enforcement agencies have dismantled a sophisticated piracy operation centered around the CINEMAGOAL application, which enabled unauthorized access to premium streaming platforms including Netflix, Sky, DAZN, Disney+, and Spotify. The operation, codenamed “All Clear,” was led by the Financial…

Read more →

Cybercriminal groups are increasingly using Telegram channels and encrypted platforms to sell verified bank and fintech mule accounts, signaling a major shift in how illicit funds are laundered at scale. According to recent threat intelligence findings, money mule operations have…

Read more →

Security researchers have raised concerns over how WhatsApp stores user chat data on macOS and iOS, revealing that message databases may be stored in unencrypted form within app group containers accessible by other applications from the same developer ecosystem. According…

Read more →

A sharp surge in internet scanning activity targeting SonicWall firewall management interfaces has raised concerns among cybersecurity researchers, with GreyNoise reporting nearly 597,000 sessions in a single day. The spike, observed on May 12, 2026, marks the highest volume recorded…

Read more →

Hackers are increasingly exploiting cloud identity and access management systems, and a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus: to exfiltrate as much sensitive data from…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in the wild. The flaw has been added to CISA’s…

Read more →

Hackers are increasingly abusing shared Content Delivery Network (CDN) infrastructure to bypass domain-reputation-based security controls using a newly identified technique called “Underminr.” Underminr is not a conventional software flaw but an inherent weakness in how modern CDNs handle multi-tenant traffic.…

Read more →

Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in…

Read more →