Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and…

Read more →

A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbitrary…

Read more →

Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motivated group known for high‑velocity…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that threat…

Read more →

A newly discovered zero-day vulnerability, dubbed “BlueHammer,” has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromised systems. Because a patch…

Read more →

A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView…

Read more →

A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a…

Read more →

Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already…

Read more →

Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle security benefits by controlling when…

Read more →

Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic.The campaign…

Read more →

An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick maintainers. The campaign…

Read more →

North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, and rapid public disclosure of campaigns…

Read more →

Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data exfiltration scripts, by simply padding them with…

Read more →

Google has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase…

Read more →

German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias “UNKN.” According to…

Read more →

The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions or execute HTTP request smuggling…

Read more →

Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most…

Read more →

The official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a…

Read more →

A newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote, unauthenticated attackers to overwrite databases,…

Read more →

A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker‑owned server. By blending in with legitimate encrypted Telegram traffic, it becomes harder…

Read more →