Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered “Coruna,” a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framework contains five complete exploit chains leveraging a staggering…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, embed a byte‑for‑byte identical RAT payload in src/helper.php. A third package, nhattuanbl/lara-swagger, appears benign…
Windows 11 23H2 to 25H2 Upgrade Reportedly Disrupts Internet Connectivity for Users
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention occurs. System administrators across Reddit’s r/sysadmin community are raising alarms, warning that this issue has reappeared…
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high‑value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity…
Shannon: Autonomous AI Tool with Nmap Integration Can Uncover and Exploit Security Flaws
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shannon delivers proven, reproducible exploits, closing the dangerous security…
Malvertising Actor ‘D-Shortiez’ Exploits WebKit Back-Button Hijack in Forced-Redirect Campaign
A new wave of malvertising activity linked to the threat group “D‑Shortiez” has been observed exploiting a WebKit browser flaw to hijack the back button on Safari and other iOS browsers. This technique revives a classic forced‑redirect approach that traps…
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reverse proxy, it can capture…
HPE AutoPass Vulnerability Allows Remote Attackers to Bypass Authentication
Hewlett Packard Enterprise (HPE) has disclosed a remote authentication-bypass vulnerability in HPE AutoPass License Server (APLS) that could let unauthenticated attackers bypass login controls over the network. The issue is tracked as CVE-2026-23600 and is fixed in APLS 9.19 and…
Zerobot Malware Exploits Tenda Command Injection Vulnerabilities to Deploy Malicious Payloads
An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools and multi-architecture binaries to rapidly enroll…
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
A new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT). The campaign is linked to…
Fortinet FortiGate Devices Targeted by CyberStrikeAI, Allowing Hackers to Bypass Security
Threat intelligence researchers at Team Cymru have uncovered an open-source AI-powered offensive security tool called CyberStrikeAI, actively used to target Fortinet FortiGate devices at scale, with its developer carrying suspected ties to China’s Ministry of State Security (MSS). CyberStrikeAI is…
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
Hackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP, and cloud environments. The platform now acts as a high-speed bridge between compromised credentials and full…
Epic Fury Cyber Shock: Iran’s Internet Down, Hacktivists Hit Back
On Feb. 28, 2026, the United States and Israel launched coordinated military operations against Iran, codenamed Operation Epic Fury by the U.S. and Operation Roaring Lion by Israel, opening a new phase where cyber operations are tightly coupled with kinetic…
MS-Agent Vulnerability Exposes AI Agents to Remote Hijacking, Granting Full System Control
A critical vulnerability has been discovered in the MS-Agent framework, a lightweight software tool used to build and run autonomous AI agents. Tracked as CVE-2026-2256, this command injection flaw allows remote attackers to hijack these AI agents, potentially granting them…
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed “malext,” which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted…
Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw to Attack Microsoft and DataDog
Hackerbot-claw, an autonomous AI bot, has launched a week-long campaign abusing GitHub Actions misconfigurations to hit CI/CD pipelines at Microsoft, DataDog, and other major open-source projects, achieving remote code execution (RCE) and even full repo compromise in some cases. The…
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) “PKI, Logs, And Tree Signatures” (PLANTS) working group,…
Android Security Update Fixes 129 Flaws and Tackles Actively Exploited Zero-Day Flaw
Google has rolled out the highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month. The…
Cyberattackers Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Coding Tools
Threat actors compromised the Aqua Trivy VS Code extension on OpenVSX by publishing malicious versions 1.8.12 and 1.8.13 on February 27-28, 2026. These versions injected prompts to hijack local AI coding tools for system reconnaissance and data exfiltration. Aqua Trivy…
Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability
A high-severity security flaw has been discovered in Angular, one of the most popular web application frameworks. This vulnerability, tracked as CVE-2026-27970, affects the framework’s internationalization (i18n) pipeline. If exploited, it allows attackers to execute malicious code within an application,…