CloudZ is a new modular remote access trojan that abuses Microsoft’s built‑in Phone Link feature to steal SMS one‑time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”)…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk
Salesforce Marketing Cloud (SFMC) recently patched a cluster of high‑impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised marketing clouds to deliver branded, trackable…
Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets
A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation…
QLNX Targets Developers in Supply Chain Credential Theft Campaign
QLNX is a newly documented Linux remote access trojan (RAT) that steals developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown…
Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison
A Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft…
Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign
Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. The attacker’s own open directory strongly suggests a Ministry…
Malicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and Stealers
Attackers are abusing OpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross‑platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek‑Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hijacked…
Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor
A severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of API authorization. Backed…
Remus Infostealer Adopts Lumma-Style Browser Key Theft to Bypass App-Bound Encryption
Remus is a newly observed 64-bit infostealer that closely tracks the Lumma Stealer codebase while adding EtherHiding-based C2 resolution and a refined Application‑Bound Encryption (ABE) bypass for Chromium browsers. The first Remus activity dates back to early 2026, shortly after…
Vimeo Confirms Breach Exposing 119,000 Unique User Email Addresses
Video hosting platform Vimeo has confirmed a data breach that exposed approximately 119,000 unique user email addresses, attributing the incident to a security compromise at Anodot, a third-party analytics vendor integrated with its systems. The breach came to light after…
Attackers Bypass Azure AD Conditional Access Using Phantom Device Registration
A recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security, enforcing access rules…
Critical Palo Alto Firewall Vulnerability Enables Attackers to Gain Root Privileges
Palo Alto Networks has issued an urgent security advisory concerning a critical vulnerability affecting its PAN-OS software. Tracked as CVE-2026-0300, this high-severity security flaw carries a CVSS 4.0 base score of 9.3 and is currently experiencing limited active exploitation in…
Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector
Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted beyond traditional IT incidents toward…
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations.…
ScarCruft Targets Gaming Platform With Windows, Android Backdoors
A sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft is targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized both Windows and Android…
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
A critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8, this flaw exposes…
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
Silver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing…
Cisco Acquisition of Astrix Security Signals Move to Strengthen Non-Human Identity Security
Networking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding “agentic workforce”, the growing ecosystem…
Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
Cerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cerberus lets an abuser push a custom lock‑screen…
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Educational institutions are now facing a coordinated mix of state espionage, spear‑phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups…