Security researchers have confirmed that the sophisticated iOS exploit chain known as DarkSword is now accessible outside of its original threat actor groups. Recently, security researcher @matteyeux successfully achieved kernel read/write access on an iPad mini 6th generation running iOS…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure
Tycoon2FA operators have resumed large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core infrastructure, underscoring the resilience of phishing-as-a-service (PhaaS) ecosystems and the limits of infrastructure-only takedowns. Authorities in Latvia, Lithuania, Portugal, Poland,…
Dell Wyse Management Flaws Could Lead to Full System Compromise
Security researcher Aleksandr Zhurnakov from PT Security has discovered a critical exploit chain in Dell Wyse Management Suite. By combining seemingly minor logic flaws, an attacker can achieve unauthenticated remote code execution. This attack targets the On-Premises version of the…
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure…
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enable threat actors to bypass authentication, execute unauthorised…
Threat Actors Target MS-SQL Servers to Deploy ICE Cloud Scanner Malware
Threat actors are continuing to aggressively target Microsoft SQL (MS-SQL) servers in 2026, with new evidence showing the deployment of a scanner malware known as ICE Cloud Client. Larva-26002 has maintained a consistent focus on poorly secured MS-SQL servers exposed…
Founder of CoinDCX Arrested Amid Serious Fraud and Cheating Charges
The Indian cryptocurrency sector is currently facing a significant legal and cybersecurity controversy following the recent arrest of prominent CoinDCX executives. Local law enforcement from Mumbra police in Thane apprehended co-founders Sumit Gupta and Neeraj Khandelwal in Bengaluru. Both executives…
Google Forms Job Scam Spreads PureHVNC Malware
A newly observed malware campaign is leveraging trusted platforms like Google Forms to distribute the PureHVNC Remote Access Trojan (RAT), marking a shift in how attackers initiate infections. Rather than relying on traditional phishing emails or malicious websites, threat actors…
Russian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. Companies
A United States federal court has sentenced Aleksei Volkov, a 26-year-old Russian national, to 81 months in prison for operating as an initial access broker. Volkov played a critical part in enabling major cybercrime syndicates, including the Yanluowang ransomware group,…
Microsoft Unveils New GenAI Security Protections in Azure AI Foundry
Microsoft has outlined a new set of security safeguards designed to protect generative AI models hosted on Azure AI Foundry, as organizations increasingly adopt advanced AI systems into critical workflows. The move comes amid rapid growth in generative AI capabilities,…
New Leak Site Tied to Active Initial Access Broker Emerges on Underground Forums
A new Tor-based leak site dubbed ALP-001 has quietly moved from selling network footholds to publicly naming victims, signaling an evolution from pure initial access brokerage to full-scale cyber extortion. The ALP-001 site, reachable only over Tor, advertises itself as…
NIST Releases Quick-Start Guide Linking Cybersecurity, Enterprise Risk, and Workforce Management
The National Institute of Standards and Technology (NIST) has officially released Special Publication 1308, a new quick-start guide designed to align cybersecurity, enterprise risk, and workforce management. Published in March 2026, this documentation addresses the growing need for organizations to…
SilentConnect Uses Fake Invites to Deploy ScreenConnect RAT
SILENTCONNECT is a new multi-stage Windows loader that abuses fake online invitations and trusted cloud services to silently deploy the ConnectWise ScreenConnect remote access tool on victim systems. The campaign blends social engineering, living-off-the-land binaries, and low-level evasion techniques to…
Roundcube Releases Urgent Security Update to Fix Critical Bugs
Roundcube Webmail, a widely deployed open-source webmail interface, has released an urgent security update to address multiple critical vulnerabilities. The new stable release, version 1.6.14, patches eight distinct security flaws reported by independent security researchers. Because webmail servers process highly…
Fake ChatGPT Invites Target Android Users With Malware
Threat actors are now abusing Google’s Firebase App Distribution service to push fake Android ChatGPT and Meta advertising apps that steal Facebook credentials and enable account takeover. The operation closely mirrors a recent iOS phishing campaign that used bogus ChatGPT…
Critical NetScaler ADC and Gateway Flaws Expose Systems to Remote Attacks
Cloud Software Group has published a critical security bulletin addressing two significant vulnerabilities in customer-managed NetScaler ADC and NetScaler Gateway deployments. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow attackers to extract sensitive data from memory or to gain…
Chrome Security Update Fixes 8 Vulnerabilities That Could Enable Remote Code Execution
Google has released a crucial security update for its Chrome browser, addressing eight high-severity vulnerabilities. Users are strongly advised to update their browsers immediately to protect their systems from potential remote code execution attacks. The stable channel update rolls out…
Tax Scam Google Ads Push BYOVD EDR Killer, Huntress Finds
Tax-themed Google Ads are being weaponized to deliver a BYOVD-based EDR killer, with Huntress linking a large-scale malvertising campaign to rogue ScreenConnect deployments and a vulnerable Huawei audio driver used to blind endpoint defenses before hands-on-keyboard activity. Sponsored Google Ads…
SEO Poisoning Campaign Uses Fake Popular Apps to Deliver AsyncRAT
SEO Poisoning Campaign Impersonates 25+ Popular Apps to Deliver AsyncRAT Since October 2025.An ongoing SEO poisoning campaign abuses search results to trick users into downloading trojanized installers for more than 25 popular applications, ultimately deploying the AsyncRAT remote access trojan.…
Libyan Refinery Targeted in Prolonged Spy Campaign With AsyncRAT
A targeted cyber espionage campaign against Libyan organizations has compromised an oil refinery, a telecommunications provider, and a state institution between November 2025 and February 2026. The campaign stands out due to its focus on critical infrastructure, particularly Libya’s oil…