A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and…
Best E-Signature Solutions For Secure Digital Signing In 2026
As digital transactions become the backbone of modern business, secure electronic signatures are no longer optional. In 2026, organizations face increasing risks related to document fraud, identity theft, and regulatory violations. Choosing the right e-signature solution is now a cybersecurity…
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the “castle and moat” security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools…
Metasploit Update Introduces 7 Exploit Modules Affecting Popular Enterprise Platforms
A significant Metasploit Framework update (version 6.4.111) featuring seven new exploit modules that target critical vulnerabilities across widely deployed enterprise systems. This release demonstrates the increasing sophistication of attack chains leveraging authentication bypass vulnerabilities chained with subsequent code execution techniques.…
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-0921, carries a CVSS score of 6.5 (Medium severity)…
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to…
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targets. GhostChat mimics a…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid…
Over 200 Magento Stores Compromised In Rootkit Rampage via Zero-Day Exploit
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving the way for session hijacking and full server takeovers. Researchers uncovered multiple intrusion campaigns hitting…
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent…
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor,…
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac cleaner,” displaying trusted domains such as docs.google.com…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and…
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by eliminating complex setup procedures and dependency…
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated…
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
A critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to compromise Windows systems used to monitor video surveillance fully. IDIS, a South Korea–based global video…
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially…
Gemini MCP Tool 0-Day Vulnerability Exposes Systems to Remote Code Execution
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracked as CVE-2026-0755 with a CVSS score of 9.8,…
eSkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with script removal, eSkimming is emerging as a long-lived, shape‑shifting threat that lingers on previously compromised sites…