Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS) with…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Suspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and Audio
A recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late…
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists…
Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The…
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately,…
GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance
OpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advanced persistent threats (APTs) and…
Hackers Exploit Agent ID Administrator Role to Hijack Service Principals
A severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to potential privilege escalation.…
Hackers Exploit Cisco Firepower N-Day Flaws for Unauthorized Access
A state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362m affecting Cisco’s Firepower eXtensible Operating System (FXOS). These flaws allowed the threat actor to gain…
Fake CAPTCHA Scam Triggers Costly SMS Fraud
Hackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains…
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks…
Hackers Exploit Pastebin PowerShell Script to Hijack Telegram Sessions
Hackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not attempt…
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews
Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are…
Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication
A critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information easily. The Cybersecurity and Infrastructure…
Python Vulnerability Enables Out-of-Bounds Write on Windows
A high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly disclosed on April 21, 2026, by Python security developer…
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker…
China-Linked Hackers Hide Behind Compromised Routers
Hackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now…
Hackers Track 900+ React2Shell Exploits via Telegram Bots
Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platform, used for…
Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
A recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial surveillance vendors (CSVs) weaponize the SS7 and Diameter signaling protocols to covertly…
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite…
Ransomware Gang Unveils Custom Data-Theft Tool
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to steal…