Malicious OpenClaw skills are being weaponized to coerce users into manually entering their passwords, enabling a new Atomic (AMOS) Stealer infection chain that abuses AI agent workflows as a social engineering channel. TrendAI™ Research has tracked Atomic (AMOS) Stealer’s evolution…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Deserialization Flaw in Ruby Workers That Could Enable Full Compromise
A severe Remote Code Execution (RCE) vulnerability has been identified in RubitMQ job workers, stemming from unsafe JSON deserialization practices. The issue arises not from memory corruption or complex undefined behavior, but from design-level trust assumptions regarding how data is…
Hackers Use Steganographic Images to Bypass Anti-Malware and Deploy Malware
Hackers are abusing steganography in PNG images to smuggle a Pulsar Remote Access Trojan (RAT) into Windows systems through a malicious NPM package named buildrunner-dev. The attack starts with a typosquatted NPM package, buildrunner-dev, which impersonates the abandoned “buildrunner”/“build-runner” tools to catch…
LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit
Security researchers Per Idenfeldt Okuyama and Sam Eizad have uncovered a critical physical attack vulnerability in the Moxa UC-1222A Secure Edition industrial computer, demonstrating that its LUKS full-disk encryption can be fully defeated by passively sniffing the SPI bus between…
Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign
A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The attackers registered…
Odido Faces Alleged Data Breach as ShinyHunters Claims 21M Records Exposed
A notorious cybercriminal group, ShinyHunters, has claimed responsibility for a massive data breach involving Odido and BEN, exposing millions of customer records. The group asserts that Odido, a Dutch telecommunications provider, was not truthful in its initial disclosure of the…
Anthropic Facing Allegations from Musk Over Large‑Scale Data Misuse
Tech billionaire Elon Musk has publicly condemned the artificial intelligence firm Anthropic, accusing the company of massive data theft and hypocrisy. This confrontation follows Anthropic’s recent claims that competing Chinese artificial intelligence models unlawfully extracted training data from its flagship…
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users
A new wave of the ClickFix Infostealer campaign abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025,…
WhatsApp Rolls Out Optional Password Feature to Strengthen User Security
WhatsApp is developing a new feature to significantly strengthen account security by introducing optional account passwords. Currently available in the Google Play Beta Program through version 2.26.7.8, this functionality aims to add another robust layer of defense against unauthorized access…
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws
Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The…
Hackers Exploit DeepSeek and Claude AI to Launch Global Attacks on FortiGate Devices
Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high‑volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server running on 212.11.64[.]250:9999 was found exposing more than…
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with…
Starkiller Phishing Kit Clones Real Login Pages to Evade MFA Protections
New phishing framework Starkiller is enabling more convincing, scalable credential theft by proxying real login pages and bypassing multi-factor authentication (MFA), significantly raising the bar for defenders. Traditional phishing kits typically serve static HTML clones of popular login portals, which…
CISA Warns of Actively Exploited Roundcube Vulnerabilities
On February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a…
jsPDF Flaw Exposes Millions of Developers to Object Injection
A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s addJS method. This…
HPE Telco Service Activator Vulnerability Allows Attackers to Bypass Access Controls
Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers of a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions. The vulnerability, identified as CVE-2025-12543, carries a CVSS base score of 9.6 (Critical) and affects…
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean…
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets…
Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign
Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on highly…
Splunk Enterprise for Windows Flaw Enables DLL Hijacking, SYSTEM Access
A serious flaw in Splunk Enterprise for Windows lets low-privileged users hijack DLL loading and escalate to SYSTEM-level access. Tracked as CVE-2026-20140, this local privilege escalation (LPE) vulnerability stems from DLL search-order hijacking and carries a CVSSv3.1 score of…