Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Fake Claude Code Installer on Google Sites Steals Credentials

Fake installers for Anthropic’s Claude Code are being weaponized in a new ClickFix-style campaign that abuses trusted Google Sites hosting to deliver a fileless credential‑stealing malware payload. The operation impersonates popular AI development tools such as Claude Code and Codex,…

HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications

A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia…

CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, Department of Energy, EPA, TSA, Department of Transportation, and USDA, has issued a joint warning about ongoing cyberattacks targeting automatic tank gauge (ATG) systems across the United States. These…

Laravel CRLF Injection Flaw Could Disrupt Outbound Email Handling

A high-severity vulnerability in the Laravel framework could allow attackers to manipulate outbound email processing, potentially leading to unauthorized message delivery, data exposure, or the abuse of mail relays. The issue, tracked as CVE-2026-48019, stems from improper neutralization of CRLF…

50+ Malicious Chrome Extensions Hit 30K Users

50+ malicious Chrome extensions posing as “live wallpaper” utilities have been caught running an adware operation that hijacks browser behavior and quietly pushes remote HTML content to around 30,000 users. These extensions were distributed through at least three publisher accounts…

1-Click GitHub Vulnerability Enables OAuth Token Theft

A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle…

Hackers Spread WeedHack Malware via YouTube and SEO Poisoning

Hackers are increasingly abusing trusted platforms like YouTube and search engines to distribute malware, and a newly uncovered campaign targeting Minecraft players highlights how effective this tactic has become. Minecraft, originally released in 2011 by Mojang Studios, remains the best-selling…