A wave of phishing campaigns across the Middle East and North Africa exposes a sophisticated, centralized fraud ecosystem operating under the SniperDz banner. What initially appeared as isolated Facebook and Instagram scams fake offers for free mobile data, government subsidies,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Attackers Exploit Critical Langflow Flaw for Remote Code Execution
Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality. The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint,…
Weaponized DMG Files Deliver macOS Infostealer Malware
A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing…
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework:…
Hackers Use Residential Proxies Networks to Evade Detection
The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer networks. Follow‑up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a…
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms modeled explicitly on consumer escrow systems such as Alipay’s 担保交易 (dānbǎo jiāoyì)…
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported…
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things…
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high‑impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to…
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and…
PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem…
Ivanti Command Injection Flaw Exploited After PoC Code Release
Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June…
Anthropic’s Claude Fable 5 AI Model Jailbroken for Stack Exploit Creation
Anthropic’s latest AI release, Claude Fable 5, is facing scrutiny after claims emerged that researchers have successfully jailbroken the model to generate sensitive and potentially harmful outputs, including guidance relevant to exploit development and illicit activities. The development raises fresh…
73 Microsoft Packages Weaponized in Password Stealer Attack
GitHub disabled 73 repositories across four Microsoft organizations Azure, Azure-Samples, microsoft, and MicrosoftDocs inside a 105-second window. Each repo now shows GitHub’s “This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a…
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
Microsoft has disclosed a new zero-day vulnerability in the Windows Collaborative Translation Framework (CTFMON) that could allow attackers to gain elevated privileges on affected systems. The flaw, tracked as CVE-2026-45586, was officially published on June 9, 2026, and is rated…
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
An active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through AI chatbot interactions. Threat actors are luring users to attacker-controlled lookalike download sites that impersonate trusted system utilities CrystalDiskInfo,…
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code through malicious web content. The vulnerability, tracked as CVE-2026-11645, affects the Chromium V8 JavaScript engine and involves…
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when victims receive phishing emails containing malicious attachments disguised as official tax documents, W-2 forms, or rejected…
Malicious npm Package ‘dbmux’ Targets Developers
Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2) characterizes the incident as severe: any machine with dbmux installed or executing it should be…
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows machines. A security researcher recently published the issue under the alias “MSNightmare,” who released a proof-of-concept…