Hackers have deployed a new destructive malware, dubbed Lotus Wiper , in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part…
Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
A critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cross-Site Scripting (XSS), Privilege Escalation, and Server-Side Request…
Microsoft warns of fake IT worker identities infiltrating cloud environments
Microsoft is warning that North Korea‑aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, verify identities…
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
A fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessible over the internet with zero authentication. Further inspection revealed “Auraboros…
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker‑controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way…
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
Compromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastructure. The campaign closely mirrors the original CanisterWorm,…
Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude
Amazon and Anthropic have announced a massive expansion of their strategic partnership. The tech giants signed a new agreement to secure up to 5 gigawatts (GW) of compute capacity for training and deploying the Claude AI model. This aggressive push…
1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online
More than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, these unpatched systems are vulnerable to sophisticated attacks that…
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two CastleRAT “builds” and a…
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
The French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and driver’s licenses nationwide. Recent…
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patches…
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China‑nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote…
Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
A group of unauthorized users has successfully bypassed access controls to reach Claude Mythos Preview, Anthropic’s closely guarded cybersecurity AI. This breach highlights critical concerns about third-party vendor security and the severe risks posed by advanced offensive AI falling into…
AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
A new NGate malware variant that hides inside a trojanized version of HandyPay, a legitimate NFC payment relay app for Android, to steal card data and PINs for ATM cash-outs and fraudulent payments. The injected code shows clear signs of…
Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
Comment and Control prompt injection vulnerabilities discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, highlights critical architectural flaws in how…
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering
A new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers manipulate user trust,…
Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release
Security researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management platform used across enterprise and government environments. Tracked as…
PureRAT Hides PE Payloads in PNGs for Fileless Execution
A multi-stage PureRAT campaign that hides portable executable (PE) payloads inside PNG images and executes them almost entirely in memory, making detection and forensics significantly harder for defenders. The campaign combines steganography, PowerShell-based loaders, UAC bypass, process hollowing, and anti-virtualization…
CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its…