The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE‑2025‑40551 affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is rated critical because it enables remote code execution (RCE) and can be exploited without authentication. According…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chrome Flaws Enable Arbitrary Code Execution and System Crashes
Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high‑severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and…
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks,…
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate…
Ingress-NGINX Flaw Enables Arbitrary Code Execution Attacks
A high-severity vulnerability has been discovered in the Kubernetes ingress-nginx controller, allowing attackers to execute arbitrary code and potentially compromise entire clusters. Tracked as CVE-2026-24512, this high-severity flaw enables malicious actors to inject configuration directives through the ingress controller and…
Shadow DNS Operation Abuses Compromised Routers to Manipulate Internet Traffic
A sophisticated shadow DNS network that hijacks internet traffic by compromising home and business routers. The operation, active since mid-2022, manipulates DNS resolution through malicious resolvers hosted by Aeza International (AS210644), a bulletproof hosting provider sanctioned by the U.S. Treasury…
Critical Django Flaw Allows DoS and SQL Injection Attacks
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection…
Hackers Actively Exploit React Native Metro Server to Target Software Developers
Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware payloads targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 and nicknamed “Metro4Shell,” allows unauthenticated attackers to execute arbitrary operating system commands…
PDFly Variant Uses Custom PyInstaller Tweaks to Obfuscate Payload, Thwarting Analysis
A new malware variant dubbed “PDFly” is abusing a heavily modified PyInstaller stub to hide its Python bytecode, forcing analysts to reverse-engineer a custom decryption routine before any meaningful analysis can begin. A closely related sample, “PDFClick,” shows almost identical…
Fake Compliance Emails Weaponize Word and PDF Attachments to Steal Sensitive Data
A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed lures and malicious attachments that masquerade as Word or PDF files to trick employees into…
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials
A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins…
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms
A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python‑based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly…
GlassWorm Infiltrates VSX Extensions With 22,000+ Downloads to Target Developers
A new GlassWorm-linked supply chain attack abusing the Open VSX Registry, this time via a suspected compromise of a legitimate publisher’s credentials rather than typosquatted packages. The Open VSX security team assessed the activity as consistent with leaked tokens or…
Malicious Google Play App With 50K+ Downloads Spreads Anatsa Banking Trojan
A malicious application on the Google Play Store masquerading as a legitimate document reader. The deceptive application, which has accumulated over 50,000 downloads, functions as a dropper for the notorious Anatsa banking trojan, a sophisticated malware strain known for targeting…
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns
Hundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation…
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for…
Mozilla Introduces Global Kill Switch for Firefox AI Capabilities
Mozilla has rolled out comprehensive AI controls in Firefox 148, launching February 24, 2026, allowing users to globally disable all generative AI features across the browser. The update addresses growing user concerns about AI integration while maintaining optional AI functionality…
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing…
New “Punishing Owl” Hacker Group Targets Networks Linked to Russian Security Agency
A previously unknown threat actor calling itself Punishing Owl has claimed responsibility for breaching a Russian government security agency, marking the emergence of what cybersecurity researchers believe is a new politically motivated hacktivist collective. The attack demonstrated sophisticated operational security…
Russian Hacker Alliance Launches Large-Scale Cyberattack Targeting Denmark
A pro-Russian hacker alliance calling itself “Russian Legion” has issued direct threats against Denmark, warning of large-scale cyberattacks linked to the country’s planned military support to Ukraine. The campaign appears designed to combine disruptive cyber activity with psychological pressure on…