Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. Security researchers recently demonstrated this vulnerability by exploiting the very malware infrastructure designed to steal victims’ credentials. StealC Malware and Its Infrastructure Weaknesses…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows 11 January Update Sparks Widespread Shutdown Complaints
Microsoft’s latest security update for Windows 11 has triggered an unexpected problem affecting enterprise users: PCs equipped with Secure Launch are unable to shut down or hibernate properly. Instead of powering off, affected devices restart automatically, disrupting workflows and forcing…
Best Security Awareness Training Platforms For 2026
Security awareness training platforms empower organizations to combat rising cyber threats by educating employees on phishing, ransomware, and social engineering in 2026. These top 10 solutions deliver simulated attacks, personalized learning, and measurable risk reduction for businesses seeking robust human…
Go 1.26 Released With Fixes for Multiple Vulnerabilities Causing Memory Exhaustion
The Go development team has released Go versions 1.25.6 and 1.24.12, addressing six critical security vulnerabilities that could enable denial-of-service attacks, arbitrary code execution, and unauthorised session resumption. These minor point releases follow the Go security policy and represent significant…
UAT-8837 Launches Targeted Attacks to Steal Sensitive Organizational Data
UAT-8837, a China-nexus advanced persistent threat (APT) actor, is conducting sustained campaigns against critical infrastructure sectors across North America. The group, assessed with medium confidence based on tactical overlaps with known Chinese threat actors, specializes in obtaining initial access to…
NSA Publishes New Guidelines for Implementing a Zero Trust Security Model
The National Security Agency has published the first two products in its Zero Trust Implementation Guidelines series, offering organizations practical recommendations for adopting Zero Trust security models. These foundational resources represent a significant step toward strengthening the cybersecurity posture of federal and private-sector entities. …
Cisco Secure Email Gateway Zero-Day RCE Exploited in Active Attacks
Cisco has confirmed an ongoing cyberattack campaign targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, in which threat actors are executing arbitrary commands with root-level privileges on affected systems. The company became aware of the attack on…
Google Begins Rolling Out Long-Awaited @gmail.com Email Feature to Users
Google has initiated a gradual rollout of a highly requested feature that allows users to change their primary Google Account email address from one @gmail.com address to another. The functionality, which has been available in limited scenarios, is now being rolled out to all…
Zero-Click Exploit Chain Discovered Targeting Google Pixel 9 Devices
Security researchers at Google Project Zero have disclosed a complete zero-click exploit chain affecting Google Pixel 9 smartphones, chaining vulnerabilities in the Dolby audio decoder and kernel driver to achieve code execution and privilege escalation without any user interaction. The…
AWS Console Supply Chain Breach Enables GitHub Repository Hijacking
A newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered that threat actors are exploiting misconfigured AWS credentials and integrated GitHub actions to hijack repositories and inject…
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Centre’s Azure AD Single Sign-On implementation that enables attackers with local administrator access on a single machine to compromise any other Windows Admin Center-managed system within the…
Palo Alto Networks Firewall Vulnerability Allows Attackers To Trigger Denial Of Service
Palo Alto Networks has released security updates to address a high‑severity denial-of-service (DoS) vulnerability in PAN-OS that could allow unauthenticated attackers to repeatedly crash firewalls configured with GlobalProtect, forcing them into maintenance mode and disrupting network availability. The flaw, tracked…
Microsoft and Authorities Dismatles BEC Attack Chain Powered By RedVDS Fraud Engine
Microsoft, in collaboration with U.S. and U.K. authorities, has announced a major international operation that dismantled RedVDS, a cybercrime‑as‑a‑service platform linked to large‑scale business email compromise (BEC) and AI‑powered fraud schemes. The joint action supported by German authorities and Europol…
Windows Remote Assistance Vulnerability Allow attacker To bypass Security Features
Microsoft has published details of CVE-2026-20824 as a security feature bypass vulnerability in Windows Remote Assistance, assigning it an “Important” severity rating with a CVSS v3.1 base score of 5.5 (temporal 4.8). The issue is categorized under CWE-693 (Protection Mechanism Failure), meaning…
Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack Any User Account
A newly disclosed critical vulnerability in Cal.com, an open-source scheduling and booking platform, could allow attackers to bypass authentication and gain full access to any user account. The flaw, identified by GitHub researcher pedroccastro and tracked as GHSA-7hg4-x4pr-3hrg, affects Cal.com versions 3.1.6 through 6.0.6. The issue…
Promptware Kill Chain – Five-step Kill Chain Model For Analyzing Cyberthreats
Promptware Kill Chain is a new five-step model that explains how attacks against AI systems powered by large language models (LLMs) behave more like full malware campaigns than one-off “prompt injection” tricks. It treats malicious prompts and poisoned content as…
GoLogin vs MultiLogin vs VMLogin – What’s the Anti-Detect Browsers Difference?
A web browser is a door to the Global Network, allows to surf through different resources, obtain all required information, watch films, earn money, and many more legal and partly legal activities. It depends on the size of the door,…
LLMs Supercharge Ransomware Speed, Scale, and Global Reach
Large language models are not fundamentally transforming ransomware operations. However, they are dramatically accelerating the threat landscape through measurable gains in speed, volume, and multilingual capabilities. According to SentinelLABS research, adversaries are leveraging LLMs across reconnaissance, phishing, tooling assistance, data…
CastleLoader Malware Targets U.S. Government Agencies
Security researchers are sounding the alarm over CastleLoader, a stealthy first-stage malware loader now implicated in campaigns targeting US-based government entities and multiple high-value industries. According to a recent deep-dive by ANY.RUN’s malware analysis team, the loader has been observed…
Google Releases Chrome 144, Fixing 10 V8 Engine Vulnerabilities
Google has launched Chrome 144 for desktop platforms, addressing ten security vulnerabilities including multiple high-severity flaws in the V8 JavaScript engine. The stable channel update began rolling out on January 13, 2026, for Windows, Mac, and Linux systems. Chrome 144.0.7559.59…