A critical security vulnerability in Airleader Master software has been disclosed by CISA, exposing industrial control systems across multiple critical infrastructure sectors to potential remote code execution attacks. The flaw, tracked as CVE-2026-1358, affects versions up to and including 6.381…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Matryoshka Clickfix Variant Targets macOS Users, Deploys New Stealer Malware
A new variant of the “ClickFix” social engineering campaign specifically targeting macOS users. Codenamed Matryoshka a reference to its multiple nested obfuscation layers this evolution builds on prior ClickFix lures. However, it adds advanced evasion features, including in‑memory decompression and API‑gated communication that make detection…
LockBit 5.0 Emerges: Cross-Platform Ransomware Now Targeting Windows, Linux, and ESXi Systems
LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (TRU) shows that while all…
FileZen Flaw Allows Attackers to Execute Commands Remotely
A high-severity vulnerability in FileZen, a file transfer solution developed by Soliton Systems K.K., enables authenticated attackers to remotely execute arbitrary operating system commands on affected systems. The security flaw, tracked as CVE-2026-25108, poses a severe risk to organizations using…
CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co. The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a…
ZeroDayRAT Exploit Targets Android & iOS, Enabling Real-Time Surveillance and Massive Data Theft
A newly surfaced mobile spyware platform called ZeroDayRAT is rapidly gaining traction across underground Telegram channels. ZeroDayRAT is designed to give attackers complete remote control over both Android and iOS devices, supporting versions from Android 5 through 16 and iOS up to version 26, including the latest iPhone…
Attackers Exploit Critical BeyondTrust Flaw to Seize Full Active Directory Control
A critical vulnerability, CVE-2026-1731, affecting self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments. This security flaw allows unauthenticated attackers to inject operating system commands, effectively granting them remote code execution capabilities. The severity of this campaign has prompted the…
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel…
Lotus Blossom Hackers Breach Official Notepad++ Hosting Infrastructure
Between June and December 2025, a state-sponsored threat group known as Lotus Blossom quietly hijacked the official hosting infrastructure used to deliver Notepad++ updates, turning a trusted developer tool into a precision espionage delivery channel. By compromising the shared hosting…
REMnux v8 Linux Toolkit Released With AI-Powered Malware Analysis Capabilities
The landscape of malware analysis has taken a significant leap forward with the official release of REMnux v8. This popular Linux toolkit, which has served the security community for fifteen years, has been updated to address modern threats and integrate…
Phishing Campaigns Target Users with Fake Meeting Invites and Update Alerts via Zoom, Teams, and Google Meet
An ongoing wave of phishing campaigns exploiting fake meeting invites from popular video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The attacks use social engineering to lure corporate users into downloading malicious “software updates,” which are, in reality,…
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files…
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while…
Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts
A long-running Chrome extension malware campaign has silently hijacked more than 500,000 VKontakte (VK) accounts, forcing users into attacker-controlled groups, resetting their settings every 30 days, and abusing VK’s own infrastructure as command-and-control. What appeared to be harmless VK customization…
OpenClaw 2026.2.12 Released to Patch Over 40 Security Vulnerabilities
The OpenClaw team has officially released version 2026.2.12, a comprehensive update focused heavily on security hardening and architectural stability. This release addresses over 40 security vulnerabilities and stability issues, marking a significant milestone for the AI agent framework. The update…
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection
XWorm, a multi-functional .NET‑based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control…
CISA Alerts Users to Notepad++ Flaw Allowing Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the popular Notepad++ text editor to its Known Exploited Vulnerabilities catalog, warning users of a flaw that could allow attackers to execute malicious code on affected systems.…
CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its Known Exploited Vulnerabilities (KEV) catalogue. The threat actors are actively exploiting the flaw in the wild. The addition signals immediate…
OysterLoader Evasion Tactics Exposed: Advanced Obfuscation and Rhysida Ransomware Ties Uncovered
OysterLoader, also tracked as Broomstick and CleanUp, is a multi‑stage loader malware written in C++ and actively leveraged in campaigns linked to the Rhysida ransomware group. First highlighted in mid‑2024 during malvertising and SEO‑poisoning campaigns abusing trojanized installers for popular…
next-mdx-remote Vulnerability Allows Arbitrary Code Execution in React SSR
A security vulnerability has been discovered in next-mdx-remote, a popular TypeScript library used for rendering MDX content in React applications. The flaw, tracked as CVE-2026-0969 and identified by researchers at Sejong University, enables attackers to execute arbitrary code on servers…