Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Fake Video Player Updates Spread Miner and RAT Malware

Hackers are actively exploiting illegal streaming platforms to distribute advanced malware, using fake video player updates as a lure to infect unsuspecting users. The attack begins when users attempt to play a video on compromised streaming websites. Instead of playback,…

Fake Codex Remote UI Steals OpenAI Auth Tokens

A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication tokens, highlighting a growing trend where threat actors build credible software to mask malicious intent. Unlike typical typosquatting or disposable malware packages,…

MicrosoftSystem64 Malware Abuses Hugging Face for Stealthy Data Theft

A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a powerful cross-platform malware loader. First observed in early April 2026, the package went through 29 incremental versions, gradually transforming from…

Carnival Cruise Breach Leaks Sensitive Customer Information

Carnival Corporation has disclosed a significant data breach impacting approximately 5.99 million individuals, raising serious concerns about data security within the global travel and hospitality sector. The incident, officially reported to the Maine Attorney General’s office, involved unauthorized access to…

Malicious RVTools Installer Uses Sectigo Cert to Evade SmartScreen

A malicious fake RVTools installer is abusing a legitimately issued Sectigo code‑signing certificate to slip past Microsoft Defender SmartScreen and many endpoint controls, ultimately deploying a multi‑stage Python‑based RAT with deep AD reconnaissance and persistent C2 access. For VMware‑heavy environments,…

VaultJacking Attack Exposes Google Password Vaults via Single PIN

A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password Manager (GPM) PIN can expose an entire user credential vault. The attack shows that even passkeys…

AI-Generated npm Malware Leaks Hacker’s Private GitHub Token

A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by OX Security researchers, the package, named mouse5212-super-formatter, operates as an infostealer that silently exfiltrates sensitive files from…

Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks

Notepad++ has released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could allow arbitrary code execution under specific conditions. The update, published on May 26, 2026, patches three vulnerabilities tracked as CVE-2026-48770, CVE-2026-48778, and CVE-2026-48800. These issues…

ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations

Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BSC) testnet smart contracts, creating an infrastructure that is effectively immune to traditional takedown efforts. Unlike conventional malware campaigns…

Hackers Spread VIP Keylogger via Fake Business Emails

Hackers are actively deploying VIP Keylogger through phishing emails disguised as routine business documents, using multi‑layered loaders, steganography, and in‑memory execution to quietly steal credentials and other sensitive data from compromised systems. Recent VIP Keylogger campaigns rely heavily on social…