Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack

The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and…

Fake Tax Assessment Pages Spread Windows Malware

Hackers are actively targeting Windows users with fake Indian Income Tax assessment pages in a campaign tracked as TAX#TRIDENT. The campaign begins with fraudulent tax assessment or penalty pages designed to create urgency. Victims are prompted to download what appears…

Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access

A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package and stems from a combination of…

Void Botnet Leverages Ethereum for Resilient C2

A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-language cybercrime forum, Void Botnet follows…

Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks

A large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaining revenue loop that…

Single-Letter Go Module Typosquat Drops DNS-Based Backdoor

A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/decimal library used for high-precision arithmetic in financial and analytics applications.…

DevilNFC Malware Traps Android Users in NFC Relay Attacks

A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike…

FreePBX Security Flaw Lets Attackers Access User Portals

A critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects…

PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability

PoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy‑paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCBC) is a local privilege…

UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware

UAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT‑UA…

macOS Malware Abuses Fake Google Update for Persistence

A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake…