The OPNsense team has started the new year with the release of version 25.7.11, bringing a notable networking enhancement: a native host discovery service that deepens visibility into connected devices and tightens policy control across the firewall. Native host discovery improves network visibility. The…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and…
Critical WordPress Plugin Vulnerability Exposes 100,000+ Websites to Privilege Escalation Attacks
A critical privilege escalation vulnerability discovered in the Advanced Custom Fields: Extended WordPress plugin threatens over 100,000 active installations. The vulnerability, identified as CVE-2025-14533 with a CVSS score of 9.8, allows unauthenticated attackers to elevate their privileges to administrative by…
VoidLink Debuts AI-Assisted, Server-Side Kernel Compilation Rootkit Technique
On January 13, 2026, Check Point Research published its analysis of VoidLink, a Chinese-developed Linux malware framework designed to target cloud environments. Following this disclosure, the Sysdig Threat Research Team (TRT) examined VoidLink’s binaries to understand its loader chain, rootkit…
TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism
TP-Link has disclosed a high-severity authentication bypass vulnerability affecting its VIGI security camera lineup, allowing attackers on local networks to reset administrator passwords without verification. The flaw lies in the password recovery feature of the local web interface, which is exploited via client-side state…
Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds
CloudSEK’s STRIKE team has uncovered a sophisticated cryptocurrency theft operation orchestrated by the threat actor “RedLineCyber,” who deliberately impersonates the notorious RedLine Solutions to establish credibility within underground communities. Rather than collecting comprehensive system data, the malware employs a highly…
SolyxImmortal Malware Abuses Discord to Quietly Harvest Sensitive Information
A newly discovered information-stealing malware, SolyxImmortal, has emerged as a persistent surveillance threat targeting Windows users. Distributed through underground Telegram channels, this Python-based implant combines credential theft, document harvesting, keystroke logging, and screen capture capabilities into a continuously running surveillance…
WhisperPair Vulnerability Allows Attackers to Pair Devices Without User Consent
Google’s Fast Pair technology has revolutionised Bluetooth connectivity, enabling seamless one-tap pairing across supported accessories and account synchronisation for millions of users. However, a critical vulnerability discovered in flagship audio accessories threatens the security of hundreds of millions of devices. Attribute Details …
Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges
AVEVA has disclosed seven critical and high-severity vulnerabilities in its Process Optimization software (formerly ROMeo) that could enable attackers to execute remote code with SYSTEM privileges and completely compromise industrial control systems. The security bulletin, published on January 13, 2026,…
Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely…
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered…
Google Gemini Flaw Allows Access to Private Meeting Details Through Calendar Events
A harmless-looking Google Calendar invite has revealed a new frontier in the exploitation of artificial intelligence (AI). Security researchers at Miggo discovered a vulnerability in Google Gemini’s integration with Google Calendar that allowed attackers to bypass privacy controls and exfiltrate sensitive…
Visual Studio Code Abused in Sophisticated Multistage Malware Attacks
A newly analyzed campaign dubbed “Evelyn Stealer” is turning the Visual Studio Code (VSC) extension ecosystem into an attack delivery platform, enabling threat actors to compromise software developers and pivot deeper into enterprise environments. The campaign abuses seemingly legitimate extensions…
Remcos RAT Campaign Uses Trojanized VeraCrypt Installers to Steal Credentials
AhnLab Security Intelligence Center (ASEC) has identified an active Remcos RAT campaign targeting users in South Korea. The malware is being spread through multiple channels. It often masquerades as VeraCrypt utilities or tools used within illegal online gambling ecosystems. Once…
Cybercriminals Impersonate Malwarebytes to Steal User Credentials
As part of an ongoing effort to highlight active and technically interesting intrusions, a new “Flash Hunting Findings” investigation has uncovered a short but well‑structured malware campaign impersonating MalwareBytes to deliver infostealers and steal user logins and crypto‑wallet data. The…
Windows SMB Client Vulnerability Exposes Organizations to Full Active Directory Compromise
A severe vulnerability in Windows Server Message Block (SMB) client authentication has emerged as a critical threat to Active Directory environments. CVE-2025-33073, a logical flaw in NTLM reflection handling, enables authenticated attackers to escalate to SYSTEM-level privileges and compromise domain controllers, potentially…
CIRO Confirms Data Breach Impacting 750,000 Canadian Investors
The Canadian Investment Regulatory Organization (CIRO) has officially confirmed a significant data breach affecting approximately 750,000 Canadian investors, stemming from a sophisticated phishing attack initially detected in August 2025. The organization publicly disclosed the incident on January 14, 2026, following a comprehensive…
Unmasked by Leaks: The Hidden Backbone of a Ransomware Operation
The leaks tied to the BlackBasta ransomware group and Russian hosting company Media Land pulled back the curtain on something defenders rarely get to see: the internal machinery and people behind a major ransomware operation. In February 2025, an unknown…
Pulsar RAT Abuses Memory-Only Execution and HVNC for Stealthy Remote Takeover
Pulsar RAT, an advanced evolution of the open-source Quasar RAT, is actively targeting Windows systems with enhanced stealth capabilities and fileless execution techniques. This modular remote access trojan combines memory-only loading, hidden virtual network computing (HVNC), and cryptocurrency wallet clipping to establish persistent backdoor…
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work together to steal session tokens, block security controls,…