Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization repositories. The attack, detected on May 22, 2026, and reported by both Aikido Security and the Socket Research…
Claude Mythos Preview Discovers 10,000+ 0-Days in Glasswing
Anthropic has published an update on Project Glasswing, its collaborative AI-powered vulnerability discovery initiative launched last month, revealing that Claude Mythos, the company’s most capable and tightly restricted model, has already surfaced more than 10,000 high- or critical-severity zero-day vulnerabilities…
Hackers Exploit Middle East Telecoms for Massive C2 Operations
Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing defenders to identify persistent patterns behind cyber operations rather…
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more than three years,…
World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat landscape than initially reported. What began as a cluster of 79 malicious domains has now…
Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access
Russian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and sophisticated social engineering to gain initial access to targeted networks across government, critical infrastructure, and commercial sectors. This multi-vector…
CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks and urging immediate remediation. The vulnerability stems from an origin validation flaw…
Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering‑hole site delivering a Coruna‑class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a delivery vehicle…
Hackers Use Six-Layer Persistence on FreePBX Systems
Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation deploys a…
Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT
Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused…
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities
CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45498 is a denial-of-service (DoS)…
Android Malware Secretly Signs Users Up for Premium Services
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What makes…
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterprise and the Splunk…
Google API Key Issue Allows Deleted Keys to Retain Access to Cloud Services
Google Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain unauthorized access to cloud services even after credentials are revoked. Google API Deleted Keys to…
FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins
The U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the platform enables attackers…
Operation Dragon Whistle Targets Changzhou University with Malicious LNK Files
A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as Changzhou University, new…
Hackers Hide Malware in Nested macOS-Style Folders to Evade Scans
Hackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures can be abused to evade detection while deploying advanced malware. The phishing email carries a ZIP attachment named “常州大学2026年《国家学生体质健康标准》测试通知最终版.zip,” posing as…
Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories
A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections hidden inside seemingly legitimate…
CISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in Attacks
CISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend…