The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This specific security flaw, identified as CVE-2008-0015, impacts the Windows Video ActiveX Control and allows for remote…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New SysUpdate Variant Malware Discovered, Decryption Tool for Linux C2 Traffic Released
A new Linux malware sample that strongly aligns with the SysUpdate malware family used by APT27/Iron Tiger. Initially detected on a client’s system, the binary behaved like a system service and executed the GNU/Linux id command when run without specific arguments, returning…
MetaMask Users Targeted by Phishing Emails with Fake Security Report to Bypass Detection
A new phishing campaign is targeting MetaMask users with cleverly crafted emails designed to trick recipients into enabling a fake Two-Factor Authentication (2FA) setup. The lure includes a forged “security report” PDF meant to mimic a legitimate notification about unusual…
Foxveil Malware Loader Uses Cloudflare, Netlify, and Discord to Bypass Detection
A new malware loader, dubbed Foxveil, that abuses trusted platforms such as Cloudflare Pages, Netlify, and Discord to stage and deliver malicious payloads while evading traditional detection methods. Active since at least August 2025, the loader is used as an…
CISA Warns of Actively Exploited Google Chromium 0‑Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracking as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The…
New Phishing Campaign Exploits Booking.com Partners, Targets Customers in Multi-Stage Fraud Scheme
New phishing activity is again abusing the Booking.com ecosystem to defraud both hotel partners and their guests, using a coordinated multi‑stage campaign that blends email, infrastructure abuse, and social engineering across email and WhatsApp. The primary objective is financial gain, using tailored…
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The…
CRESCENTHARVEST Malware Campaign Uses Iran Protest Lures to Deploy Info‑Stealing RAT
A new malware campaign, dubbed CRESCENTHARVEST, that abuses the ongoing Iran protest narrative to deliver a powerful information‑stealing remote access trojan (RAT) against Farsi‑speaking users. The operation appears tailored to supporters of the protests and other Iran‑focused audiences, with a clear…
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe “log poisoning” vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent’s behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to…
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk…
Russia Set to Block Telegram Access Nationwide from April 1
Russia is preparing to implement a nationwide block on Telegram starting April 1, 2026, according to reports from the Russian insider channel Baza. The move would make the messaging platform completely inaccessible without VPN technology, mirroring previous restrictions imposed on…
Cybercriminals Exploit Atlassian Cloud to Launch Spam Campaigns Promoting Fraudulent Investments
Cybercriminals abused Atlassian Cloud’s trusted infrastructure to run a burst of highly automated spam campaigns that redirected victims to fraudulent investment schemes and online casinos, highlighting the growing risk of SaaS-powered email abuse. By riding on Atlassian Jira Cloud’s strong…
Matanbuchus 3.0 Unleashes AstarionRAT via ClickFix Social Engineering and Silent MSI Installs
Matanbuchus 3.0 has resurfaced in a tightly orchestrated intrusion chain that blends ClickFix social engineering, silent MSI installations, DLL sideloading, and a new remote access trojan dubbed AstarionRAT, underscoring how mature loaders are evolving toward stealthy, multi‑stage operations rather than simple payload…
Washington Hotel in Japan Hit by Ransomware Attack
Washington Hotel, a prominent hotel chain in Japan, has confirmed a ransomware attack that compromised several of its servers on February 13, 2026. The incident was detected at 10:00 PM when unauthorized access was identified on multiple servers, prompting immediate…
New ‘ClickFix’ Malware Payload Targets Browser Cache, Warns Cybersecurity Experts
Threat actors on underground forums are now promoting a new “ClickFix” payload-delivery technique that hides malware in the browser cache to evade endpoint detection and response (EDR) tools. The seller pitches the method as an evolution of existing ClickFix/FileFix social‑engineering…
India’s Largest Pharmacy Exposes Customer Personal Data and Internal System Access
A major security vulnerability was recently discovered in the online infrastructure of Dava India, one of the country’s largest generic pharmacy retail chains. The breach, identified by security researcher Eaton, exposed sensitive customer personal data and granted unauthorized access to…
EU Parliament Suspends AI Integration on Corporate Devices Over Cybersecurity Fears
The European Parliament has taken a precautionary step by disabling built-in artificial intelligence features on work devices issued to lawmakers and staff members, citing unresolved cybersecurity and data protection risks. The decision follows an internal IT security assessment that identified potential vulnerabilities…
New Sophisticated ‘Carding-as-a-Service’ Marketplaces Fuel Surge in Credit Card Fraud
Credit card fraud has matured into a service-based criminal economy where stolen cards, malware, and support are bundled and sold like commercial products. Underground “dump shops” such as Findsome, UltimateShop, and Brian’s Club now operate as full-fledged carding-as-a-service (CaaS) marketplaces, mirroring legitimate…
DigitStealer Infostealer Targets macOS, Revealing Critical Infrastructure Vulnerabilities
DigitStealer is an increasingly active macOS‑targeting infostealer whose predictable command‑and‑control (C2) setup exposes structural weaknesses in its operators’ infrastructure decisions. While technically sophisticated on the endpoint, its reuse of the same providers, protocols, and registration patterns has made much of…
Firefox v147.0.3 Released with Critical Fix for Heap Buffer Overflow Vulnerability
Mozilla has released an emergency security update for Firefox, addressing a critical heap buffer overflow vulnerability in the libvpx library. The update, version 147.0.4, was announced on February 16, 2026, alongside corresponding patches for Firefox ESR 140.7.1 and ESR 115.32.1.…