A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The attackers registered…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Odido Faces Alleged Data Breach as ShinyHunters Claims 21M Records Exposed
A notorious cybercriminal group, ShinyHunters, has claimed responsibility for a massive data breach involving Odido and BEN, exposing millions of customer records. The group asserts that Odido, a Dutch telecommunications provider, was not truthful in its initial disclosure of the…
Anthropic Facing Allegations from Musk Over Large‑Scale Data Misuse
Tech billionaire Elon Musk has publicly condemned the artificial intelligence firm Anthropic, accusing the company of massive data theft and hypocrisy. This confrontation follows Anthropic’s recent claims that competing Chinese artificial intelligence models unlawfully extracted training data from its flagship…
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users
A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025,…
WhatsApp Rolls Out Optional Password Feature to Strengthen User Security
WhatsApp is developing a new feature to significantly strengthen account security by introducing optional account passwords. Currently available in the Google Play Beta Program through version 2.26.7.8, this functionality aims to add another robust layer of defense against unauthorized access…
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws
Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The…
Hackers Exploit DeepSeek and Claude AI to Launch Global Attacks on FortiGate Devices
Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high‑volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server running on 212.11.64[.]250:9999 was found exposing more than…
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with…
Starkiller Phishing Kit Clones Real Login Pages to Evade MFA Protections
New phishing framework Starkiller is enabling more convincing, scalable credential theft by proxying real login pages and bypassing multi-factor authentication (MFA), significantly raising the bar for defenders. Traditional phishing kits typically serve static HTML clones of popular login portals, which…
CISA Warns of Actively Exploited Roundcube Vulnerabilities
On February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a…
jsPDF Flaw Exposes Millions of Developers to Object Injection
A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s addJS method. This…
HPE Telco Service Activator Vulnerability Allows Attackers to Bypass Access Controls
Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers of a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions. The vulnerability, identified as CVE-2025-12543, carries a CVSS base score of 9.6 (Critical) and affects…
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean…
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets…
Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign
Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on highly…
Splunk Enterprise for Windows Flaw Enables DLL Hijacking, SYSTEM Access
A serious flaw in Splunk Enterprise for Windows that lets low-privileged users hijack DLL loading and escalate to SYSTEM-level access. Tracked as CVE-2026-20140, this local privilege escalation (LPE) vulnerability stems from DLL search-order hijacking and carries a CVSSv3.1 score of…
Japanese Semiconductor Supplier Hit by Ransomware, Multiple Systems Impacted
Feb. 20, 2026 – Advantest Corporation, a top supplier of semiconductor test equipment, revealed it is battling a ransomware attack that struck its network last weekend. The incident, detected on February 15 (JST), has disrupted multiple systems and raised alarms…
Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data
A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for deployment. The issue stems from…
128M Users Exposed as Popular VS Code Extensions Reveal Critical Flaws
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in organizational supply chain security. Developers often store…
Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic has quietly flipped the script on application security. On February 20, the company launched Claude Code Security, a new capability baked directly into Claude Code on the web that automatically scans entire repositories for sophisticated vulnerabilities and delivers ready-to-review patch…