Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Weaponized DMG Files Deliver macOS Infostealer Malware

A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing…

BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems

A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework:…

Hackers Use Residential Proxies Networks to Evade Detection

The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer networks.  Follow‑up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a…

Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader

Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported…

PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability

A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem…

Ivanti Command Injection Flaw Exploited After PoC Code Release

Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June…

73 Microsoft Packages Weaponized in Password Stealer Attack

GitHub disabled 73 repositories across four Microsoft organizations Azure, Azure-Samples, microsoft, and MicrosoftDocs inside a 105-second window. Each repo now shows GitHub’s “This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a…

Tax Phishing Emails Deliver In-Memory Malware to Windows Systems

Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when victims receive phishing emails containing malicious attachments disguised as official tax documents, W-2 forms, or rejected…

Malicious npm Package ‘dbmux’ Targets Developers

Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2) characterizes the incident as severe: any machine with dbmux installed or executing it should be…

OpenClaw AI Agent Leaks Credentials in Phishing Simulation

Autonomous email agents can become high‑impact phishing victims, leaking cloud credentials and sensitive business data even when wrapped in explicit safety instructions. In a controlled lab deployment on the OpenClaw agent platform, an AI agent dubbed “Pinchy” failed multiple classic…