A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecosystems can become high-value malware distribution channels when plugins…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rely on users…
Palo Alto Networks to Acquire Koi Security for Enhanced Agentic Endpoint Security
Palo Alto Networks announced on February 17, 2026, that it has entered a definitive agreement to acquire Koi Security, a pioneer in Agentic Endpoint Security. The acquisition aims to address a critical security gap created by AI agents and tools…
Malware Campaign Targets Crypto Users with Fake MetaMask Wallet and Remote Access Backdoor
An aggressive malware campaign is targeting IT professionals in cryptocurrency, Web3, and AI to steal sensitive data and live crypto funds from victim wallets. The attackers pose as recruiters and use trojanized coding tasks to deliver two core malware families, BeaverTail…
CISA Flags Actively Exploited Windows Video ActiveX Control RCE in KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This specific security flaw, identified as CVE-2008-0015, impacts the Windows Video ActiveX Control and allows for remote…
New SysUpdate Variant Malware Discovered, Decryption Tool for Linux C2 Traffic Released
A new Linux malware sample strongly aligns with the SysUpdate malware family used by APT27/Iron Tiger. Initially detected on a client’s system, the binary behaved like a system service and executed the GNU/Linux id command when run without specific arguments, returning…
MetaMask Users Targeted by Phishing Emails with Fake Security Report to Bypass Detection
A new phishing campaign is targeting MetaMask users with cleverly crafted emails designed to trick recipients into enabling a fake Two-Factor Authentication (2FA) setup. The lure includes a forged “security report” PDF meant to mimic a legitimate notification about unusual…
Foxveil Malware Loader Uses Cloudflare, Netlify, and Discord to Bypass Detection
A new malware loader, dubbed Foxveil, abuses trusted platforms such as Cloudflare Pages, Netlify, and Discord to stage and deliver malicious payloads while evading traditional detection methods. Active since at least August 2025, the loader is used as an…
CISA Warns of Actively Exploited Google Chromium 0‑Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The…
New Phishing Campaign Exploits Booking.com Partners, Targets Customers in Multi-Stage Fraud Scheme
New phishing activity is again abusing the Booking.com ecosystem to defraud both hotel partners and their guests, using a coordinated multi‑stage campaign that blends email, infrastructure abuse, and social engineering across email and WhatsApp. The primary objective is financial gain, using tailored…
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracked under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The…
CRESCENTHARVEST Malware Campaign Uses Iran Protest Lures to Deploy Info‑Stealing RAT
A new malware campaign, dubbed CRESCENTHARVEST, abuses the ongoing Iran protest narrative to deliver a powerful information‑stealing remote access trojan (RAT) against Farsi‑speaking users. The operation appears tailored to supporters of the protests and other Iran‑focused audiences, with a clear…
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe “log poisoning” vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent’s behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to…
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk…
Russia Set to Block Telegram Access Nationwide from April 1
Russia is preparing to implement a nationwide block on Telegram starting April 1, 2026, according to reports from the Russian insider channel Baza. The move would make the messaging platform completely inaccessible without VPN technology, mirroring previous restrictions imposed on…
Cybercriminals Exploit Atlassian Cloud to Launch Spam Campaigns Promoting Fraudulent Investments
Cybercriminals abused Atlassian Cloud’s trusted infrastructure to run a burst of highly automated spam campaigns that redirected victims to fraudulent investment schemes and online casinos, highlighting the growing risk of SaaS-powered email abuse. By riding on Atlassian Jira Cloud’s strong…
Matanbuchus 3.0 Unleashes AstarionRAT via ClickFix Social Engineering and Silent MSI Installs
Matanbuchus 3.0 has resurfaced in a tightly orchestrated intrusion chain that blends ClickFix social engineering, silent MSI installations, DLL sideloading, and a new remote access trojan dubbed AstarionRAT, underscoring how mature loaders are evolving toward stealthy, multi‑stage operations rather than simple payload…
Washington Hotel in Japan Hit by Ransomware Attack
Washington Hotel, a prominent hotel chain in Japan, has confirmed a ransomware attack that compromised several of its servers on February 13, 2026. The incident was detected at 10:00 PM when unauthorized access was identified on multiple servers, prompting immediate…
New ‘ClickFix’ Malware Payload Targets Browser Cache, Warns Cybersecurity Experts
Threat actors on underground forums are now promoting a new “ClickFix” payload-delivery technique that hides malware in the browser cache to evade endpoint detection and response (EDR) tools. The seller pitches the method as an evolution of existing ClickFix/FileFix social‑engineering…
India’s Largest Pharmacy Exposes Customer Personal Data and Internal System Access
A major security vulnerability was recently discovered in the online infrastructure of Dava India, one of the country’s largest generic pharmacy retail chains. The breach, identified by security researcher Eaton, exposed sensitive customer personal data and granted unauthorized access to…