Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an unknown actor, making the attack far more complex than a conventional ransomware case. The incident began…
Category: GBHackers Security
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVSS score of 9.2…
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as CVE-2026-8461 and named “PixelSmash,” affects the MagicYUV decoder within FFmpeg’s libavcodec library and has a CVSS…
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once considered a legitimate marketing tool to route visitors to different content or offers, TDS infrastructure is…
FlutterShell Malware Uses C2-Delivered JavaScript Payloads to Evade Sandbox Detection
Through targeted macOS endpoint monitoring, the CL-CRI-1089 cluster tied to Operation FlutterBridge was observed repurposing the Flutter framework to deliver a novel macOS malware family dubbed FlutterShell. Rather than rehashing prior campaign reporting, this piece treats recovered artifacts as a technical detection case…
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely…
FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls to capture authentication data on an unprecedented scale. Research from the SOCRadar Threat Research Unit (STRU) indicates that this operation has…
Two Scattered Spider Hackers Convicted Over Transport for London Cyber Attack
Two alleged members of the notorious Scattered Spider cybercrime collective have pleaded guilty to orchestrating a disruptive cyber attack against Transport for London (TfL). This marks a significant law enforcement victory against a group known for targeting large enterprises and…
CalPhishing Campaigns Use Outlook Calendar Invites to Deliver Persistent Phishing Lures
A growing trend has emerged in which attackers weaponize Microsoft 365 collaboration features to deliver persistent phishing lures via Outlook calendar invites. By abusing Microsoft 365 Groups and Outlook calendar functionality, threat actors move malicious intent out of a single suspicious message…
OpenAI Launches Daybreak to Automate Vulnerability Patching With GPT-5.5-Cyber
OpenAI has announced Daybreak, a new cybersecurity initiative aimed at automating vulnerability patching on a large scale using its latest GPT-5.5-Cyber model. This marks a shift from merely discovering vulnerabilities to focusing on end-to-end remediation. The initiative addresses a growing…
29-Year-Old Squid Proxy Vulnerability Exposes Authorization Headers and API Keys
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP authorization headers and API keys. This issue arises from a decades-old memory-handling flaw in Squid’s codebase, dating back…
ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations
A supply-chain weakness in ClawHub’s plugin registry allowed third-party packages to squat under organizational scopes and inherit first-party credibility. In a catalog review, Manifold found 23 code-executing plugins published under the @openclaw/ and @clawhub/ scopes by accounts that have…
QNAP Fixes 14 Vulnerabilities in QTS, QuTS Hero, QuTS Cloud, and QVP
QNAP has issued security advisory QSA-26-10, which addresses 14 vulnerabilities affecting its widely used NAS and surveillance platforms, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). These vulnerabilities were disclosed on April 6, 2026, and are categorized…
Microsoft 365 Sensitivity Labels Now Block AI-Powered Content Analysis in Office Apps
Microsoft has announced a significant update to its Microsoft 365 ecosystem to enhance data protection. This update will prevent AI-powered and connected content analysis in Office applications when sensitivity labels are applied. According to Microsoft, the company is expanding the…
Malicious npm Package Masquerades as PostCSS Utility to Deliver PowerShell Downloader
A malicious npm package, postcss-minify-selector-parser, has been discovered masquerading as a benign PostCSS utility and delivering a multi-stage Windows remote access trojan (RAT). The imposter deliberately mimics the widely used postcss-selector-parser, a legitimate library with more than 150 million weekly…
Multi-Stage Steganographic Loader Deploys Remcos RAT and Multiple Infostealers Globally
A suspicious file named “GST Debit Note Apr_26.com” triggered a deeper investigation that revealed a polished, multi-stage steganographic loader delivering Remcos RAT and multiple infostealers across a global phishing campaign. The initial sample arrived as an archive attachment and…
LACUNA Chain Ghost Frames Technique Bypasses EDR Call-Stack Detection
The LACUNA Chain’s “Ghost Frames” technique introduces a new method for manipulating call stacks that effectively bypasses modern Endpoint Detection and Response (EDR) systems, which rely on kernel-level stack inspection. This marks a significant advancement in post-exploitation tactics. Security researcher…
282 iOS Apps Found Leaking LLM API Credentials in Network Traffic
Researchers have uncovered a systemic LLM credential exposure problem in the iOS ecosystem, with 282 AI‑powered apps leaking exploitable API credentials and backend access mechanisms directly in network traffic. The findings highlight widespread misuse of OpenAI, Gemini, and other LLM…
Microsoft Confirms Windows 11 26H2 Upgrade via Enablement Package for Faster Deployment
Microsoft has announced that the upcoming Windows 11 version 26H2 will be delivered using an enablement package model. This approach aligns with their goal of providing streamlined, low-disruption feature updates specifically for enterprise environments. According to the Windows IT Pro…
AryStinger Botnet Uses Intranet Scanning and Traffic Tunneling to Hide Attacker Activity
A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure that helps attackers obscure origin and extend lateral reach. AryStinger leverages decade‑old vulnerabilities in RTL819X‑based routers and a more feature‑rich…