Russian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This sophisticated espionage campaign, observed in late January 2026, targets the theft on secrets from maritime and…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbed Amaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and…
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked…
New DesckVB RAT Unveiled with Multi-Stage Infection Chain and Plugin-Based Architecture
A sophisticated strain of the DeskVB Remote Access Trojan (RAT) has been identified in the wild, showcasing a highly modular architecture and a complex, multi-stage infection chain. While the malware family itself is not entirely new, this latest iteration (v2.9.0.0)…
New 3-Step Malvertising Chain Exploits Facebook Ads to Promote Tech Support Scam Kit
A new, sophisticated malvertising campaign targeting users in the United States. This attack leverages Facebook’s massive paid advertising platform to lure victims into a tech support scam (TSS) kit. The campaign is notable for its rapid infrastructure rotation and a…
CISA Confirms VMware ESXi 0-Day Vulnerability Exploited in Ransomware Operations
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting VMware ESXi to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-22225, this zero-day flaw allows attackers to escape security sandboxes. It is currently being leveraged in…
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3,…
Cisco Warns of Meeting Management Flaw Enabling Arbitrary File Upload by Remote Attackers
Cisco has released a security advisory detailing a high-severity vulnerability in Cisco Meeting Management (CMM). The flaw, caused by improper input validation, allows authenticated remote attackers to upload arbitrary files and potentially execute commands with root privileges. The vulnerability is located…
Cyberattackers Exploit DNS TXT Records in ClickFix Script to Execute Malicious PowerShell Commands
A new evolution in the “ClickFix” social engineering campaigns, dubbed KongTuke. This latest variant, observed actively since late December 2025, distinguishes itself by leveraging DNS TXT records to stage and retrieve malicious payloads, marking a significant shift in evasion tactics. The “ClickFix” technique…
WatchGuard VPN Client Flaw on Windows Enables SYSTEM‑Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands…
Critical ASUSTOR NAS Security Flaw Enables Complete Device Takeover
A severe vulnerability affecting ASUSTOR Network Attached Storage (NAS) devices has been disclosed, potentially allowing unauthenticated attackers to seize full control of affected systems. Tracked as CVE-2026-24936, this critical flaw carries a CVSS v4.0 base score of 9.5, highlighting the urgency for…
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom “loader” used to launch cyberattacks worldwide. A loader is a type of malicious software designed to secretly download and start other dangerous programs on a victim’s computer. What makes PhantomVAI special is that…
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes
A highly sophisticated offensive cloud operation targeting an AWS environment.The attack was notable for its extreme speed taking less than 10 minutes to go from initial entry to full administrative control and its heavy reliance on AI automation. The threat…
TP-Link Vulnerabilities Let Hackers Take Full Control of Devices
TP-Link has disclosed multiple critical authenticated command injection vulnerabilities affecting the Archer BE230 v1.2 Wi-Fi router, enabling attackers with administrative access to execute arbitrary commands and seize complete control of affected devices. Security researchers jro, caprinuxx, and sunshinefactory discovered nine…
Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments
Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database, which stores encrypted password hashes and critical domain configuration data, is the crown jewel of enterprise…
CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2021-39935, is now confirmed to be under…
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to map login panels and enumerate software versions, a clear indicator of pre-exploitation preparation. The scanning activity…
CISA Adds SolarWinds Web Help Desk RCE Flaw to Known Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE‑2025‑40551 affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is rated critical because it enables remote code execution (RCE) and can be exploited without authentication. According…
Chrome Flaws Enable Arbitrary Code Execution and System Crashes
Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high‑severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and…
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks,…