Threat actors are abusing shareable ChatGPT and Grok conversations and pushing them with Google Search ads to trick macOS users into running Terminal commands that install the Atomic macOS Stealer (AMOS). This campaign shows how attackers now blend social engineering…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows Shell Zero-Day Vulnerability Allows Attackers to Bypass Authentication
Microsoft has issued an urgent security warning following the discovery of a zero-day vulnerability in the Windows Shell, now tracked as CVE-2026-21510. This critical flaw, which carries a high severity score of 8.8, is currently being exploited in the wild, forcing a…
Legacy IRC Botnet Leverages Automated SSH Exploit Pipeline to Mass-Enroll Linux Hosts
Identified through data captured by our SSH honeypots over two months, this campaign represents a sophisticated blend of eras. It merges “old-school” Internet Relay Chat (IRC) botnet tactics from the late 2000s with modern, automated mass-compromise techniques. While the infrastructure…
Cephalus Ransomware Emerges as Go-Based Double-Extortion Threat Exploiting Exposed RDP Access
A sophisticated ransomware operation known as Cephalus has emerged as a significant cybersecurity threat since mid-2025, exploiting exposed Remote Desktop Protocol (RDP) services to breach organizations worldwide. Developed in the Go programming language, this malware represents a growing trend of…
FortiOS Vulnerability Enables LDAP Authentication Bypass
Fortinet has issued a high-severity security advisory regarding a vulnerability in specific versions of its FortiOS operating system. The flaw, identified as CVE-2026-22153, could allow unauthorized attackers to bypass authentication mechanisms, potentially granting them access to critical network resources. The vulnerability…
GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. These patches, detailed in the release notes for versions 18.8.4, 18.7.4, and 18.6.6, resolve flaws that could allow attackers to…
Microsoft Patch Tuesday February 2026 Fixes 54 Flaws, 6 Zero-Days Under Active Exploitation
Microsoft’s February 2026 Patch Tuesday update has arrived with critical urgency, addressing 54 security vulnerabilities across its ecosystem. This month’s release is particularly severe due to the inclusion of six zero-day vulnerabilities that are currently being exploited in the wild. Security teams are urged…
Coinbase Cartel Shifts to Data-Theft-First Tactics, Targeting High-Value Industries
A ransomware threat actor calling itself Coinbase Cartel has quickly become one to watch, not because it locks files, but because it often doesn’t. First seen in September 2025, the group claimed 14 victims in that single month and later…
Hackers Weaponize 7-Zip Downloads to Turn Home PCs Into Proxy Nodes
A fake website impersonating the popular 7-Zip file archiver has been distributing malicious software that secretly converts infected computers into residential proxy nodes. The counterfeit site has been operating undetected for an extended period, exploiting user trust in what appears…
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
TeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems; they walk through…
SAP Security Patch Day Fixes Critical Code Injection Flaw in SAP CRM and S/4HANA
SAP said the February 10, 2026 Patch Day delivered fixes across multiple SAP products and urged customers to apply patches with priority via the Support Portal to protect their SAP landscape. The highest-risk item highlighted this month is CVE-2026-0488, described…
React2Shell Vulnerability Exploited in the Wild, Analysts Warn
React2Shell (CVE-2025-55182) is a critical, pre-auth remote code execution weakness in React Server Components that impacts multiple React versions used across the React 19 ecosystem. WXA Internet Abuse Signal Collective (WXA IASC) is inaugurating To Cache A Predator, a threat research…
APT36 Targets Linux Systems With New Tools Designed to Disrupt Services
Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored “espionage ecosystems.” These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some launch distributed denial-of-service (DDoS) attacks against transport hubs and supply chains. In contrast, others seek…
Socelars Malware Targets Windows Systems to Steal Sensitive Data
Security researchers are tracking Socelars, an information-stealing Trojan aimed at Windows users that focuses on quietly harvesting browser-based access rather than damaging files. The malware is designed to collect authenticated session data and other system identifiers that can let attackers reuse…
UNC1069 Targets Financial Firms With New Tools and AI-Driven Social Engineering Attacks
North Korean threat actor UNC1069 has escalated attacks against the cryptocurrency and decentralized finance (DeFi) sector using sophisticated AI-powered social engineering tactics and seven distinct malware families, according to a recent Mandiant investigation. The financially motivated group, active since 2018,…
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48…
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth
VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between…
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear…
Windows Error Reporting Flaw Allows Attackers to Elevate Privileges
A newly documented Windows vulnerability, CVE-2026-20817, impacts the Windows Error Reporting Service (WER) and enables local privilege escalation. The issue matters because WER runs as NT AUTHORITY\SYSTEM, so any mistake in its permission checks can become a direct path to…
Axios Vulnerability Allows Attackers to Trigger DoS and Crash Node.js Servers
A serious security flaw has been discovered in Axios, one of the most popular HTTP client libraries for Node.js, allowing attackers to crash servers and trigger denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-25639, affects all versions up to and…