Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored “espionage ecosystems.” These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some launch denial-of-service (DDoS) attacks against transport hubs and supply chains. In contrast, others seek…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Socelars Malware Targets Windows Systems to Steal Sensitive Data
Security researchers are tracking Socelars, an information-stealing Trojan aimed at Windows users that focuses on quietly harvesting browser-based access rather than damaging files. The malware is designed to collect authenticated session data and other system identifiers that can let attackers reuse…
UNC1069 Targets Financial Firms With New Tools and AI-Driven Social Engineering Attacks
North Korean threat actor UNC1069 has escalated attacks against the cryptocurrency and decentralized finance (DeFi) sector using sophisticated AI-powered social engineering tactics and seven distinct malware families, according to a recent Mandiant investigation. The financially motivated group, active since 2018,…
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48…
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth
VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between…
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear…
Windows Error Reporting Flaw Allows Attackers to Elevate Privileges
A newly documented Windows vulnerability, CVE-2026-20817, impacts the Windows Error Reporting Service (WER) and enables local privilege escalation. The issue matters because WER runs as NT AUTHORITY\SYSTEM, so any mistake in its permission checks can become a direct path to…
Axios Vulnerability Allows Attackers to Trigger DoS and Crash Node.js Servers
A serious security flaw has been discovered in Axios, one of the most popular HTTP client libraries for Node.js, allowing attackers to crash servers and trigger denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-25639, affects all versions up to and…
Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
Fancy Bear has launched a sophisticated campaign exploiting a critical zero-day vulnerability in Microsoft RTF files to target users across Central and Eastern Europe. The operation, dubbed “Operation Neusploit,” demonstrates the group’s continued evolution in tradecraft and its strategic focus…
15,200 OpenClaw Control Panels Exposed Online with Full System Access
A critical security oversight has left thousands of AI agents wide open to the public internet. 15,200 instances of the OpenClaw AI framework (formerly Clawdbot and Moltbot) are vulnerable to remote takeover. The STRIKE team used internet-wide reconnaissance, including favicon…
25 Million Users Affected as AI Chat Platform Leaks 300 Million Messages
“Chat & Ask AI,” a highly popular mobile application available on both Google Play and the Apple App Store, has suffered a significant data exposure. An independent security researcher discovered a vulnerability that left approximately 300 million private messages accessible…
Bloody Wolf Cybercrime Group Uses NetSupport RAT to Breach Organizations
The latest campaign, they have switched to misusing a legitimate remote administration tool called NetSupport RAT. A cybercriminal group known as “Stan Ghouls” (or Bloody Wolf) has launched a fresh wave of attacks targeting organizations across Central Asia and Russia.…
GuLoader Leverages Polymorphic Malware and Trusted Cloud Infrastructure to Evade Detection
GuLoader, also known as CloudEye, is a sophisticated malware downloader that has been active since late 2019. Its primary function is to download and install secondary malware, such as Remote Access Trojans (RATs) and information stealers, onto compromised systems. One…
Chinese Hackers Target Singapore Telecoms in Edge Device Compromise Campaign
A massive, eleven-month campaign to root out sophisticated attackers from the nation’s critical infrastructure. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) revealed details of “Operation CYBER GUARDIAN,” a multi-agency effort to defend the…
Microsoft Acknowledges Exchange Online Spam Filter Mistakenly Blocks Valid Email
Microsoft is currently tackling a significant service degradation within Exchange Online that is disrupting business communications by incorrectly flagging legitimate emails as phishing attempts. The incident, tracked under the identifier EX1227432, began on February 5, 2026, and is causing valid messages…
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal…
0-Click RCE Found in Claude Desktop Extensions, Putting 10,000+ Users at Risk
A critical “zero-click” vulnerability in Claude Desktop Extensions (DXT) that allows attackers to compromise a computer using nothing more than a Google Calendar event. The flaw, which has been assigned a maximum severity score of CVSS 10/10, affects more than 10,000…
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
A new wave of identity fraud has hit the remote job market, with North Korean (DPRK) operatives adopting a sophisticated new tactic to bypass hiring screens. This development marks a significant shift in tradecraft. Previously, these operatives often relied on…
European Commission Mitigates Cyberattack Aimed at Employee Mobile Information
The European Commission successfully contained a cyberattack targeting its mobile device management infrastructure on January 30, 2026. The incident, which potentially exposed staff names and mobile numbers, was neutralized within nine hours of detection, demonstrating the organization’s robust cybersecurity protocols.…
Hackers Abuse Apple & PayPal Invoice Emails in DKIM Replay Attack Campaign
A sophisticated way to bypass email security by weaponizing legitimate messages from trusted companies like Apple and PayPal. These attacks, known as DKIM replay attacks, exploit email authentication systems to deliver scams that appear completely authentic. The technique is deceptively…