Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as users report that Microsoft Office applications fail to launch when opened via certain third-party applications. The…
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, significantly expanding the post-exploitation attack surface.…
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected systems, raising significant concerns for enterprises that rely on Splunk for security analytics and automation. The…
Modified OpenSSH Binaries Let Velvet Ant Steal Passwords, Log Commands, and Hide Activity
A long-running, stealthy campaign attributed to the China-nexus actor tracked as Velvet Ant has been found to include deeply engineered backdoors in the authentication stack: modified OpenSSH binaries and tampered PAM modules that exfiltrate credentials, record every executed command, and…
FortiBleed Exploit Campaign Hits 70,000+ Fortinet Firewalls Worldwide
A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterprise networks across 194 countries. The activity, first identified by security researcher Volodymyr Diachenko and further analyzed by Hudson Rock and…
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed “RoguePlanet” by security researcher NightmareEclipse. The vulnerability, classified as an elevation-of-privilege flaw, was officially published on…
Financially Motivated Hackers Turn Legitimate IT Tools Into Remote Access Payloads
A novel evolution of LLMjacking has been observed: a threat actor is leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthenticated model inference…
AI-Generated ClickFix Campaign Delivers SmartRAT Banking Trojan via Fake Brazilian Bank Website
Multiple typosquatting domains have been observed hosting malicious content generated with AI-powered website creation tools. One striking campaign combined an AI-created fake Brazilian bank site with a ClickFix social-engineering lure to deliver a PowerShell-based remote access trojan that Zscaler named SmartRAT. The…
Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks
A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the executive level. Rather than inventing a sophisticated exploit, testers impersonated a journalist reporting an anonymous tip about hazardous-waste disposal…
Malicious LNK Files Disguised as Job Resumes Target Corporate Employees
Malicious LNK files masquerading as job resumes are being used in targeted campaigns against corporate employees, combining social engineering with multi-stage malware delivery to achieve stealthy persistence and remote access. Attackers craft filenames that include company names and job titles…
Hackers Use AI-Generated YouTube Narrators to Promote Crypto Clipper Malware
A sophisticated social-engineering campaign is leveraging AI-generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputation signals to distribute a Rust-based clipboard hijacker that steals cryptocurrency by replacing wallet addresses on victims’ clipboards. The operation centers on a WordPress…
Modular Phishing Kit Uses GitHub Pages to Steal Payment Card Details and Passwords
A sophisticated, long-running phishing operation has evolved into a serverless, modular campaign that weaponizes GitHub Pages to harvest payment card data, credentials, and customer identifiers from banking customers in Mexico. The campaign’s architecture centers on a phishing kit containing a…
ClickFix Attack Deploys Potemkin Loader, RMMProject RAT, and EtherRAT Across 11 Hosts
A sophisticated ClickFix social engineering campaign in May 2026 triggered a full hands-on-keyboard intrusion spanning 11 hosts, deploying a novel trio of malicious tools: Potemkin loader, RMMProject RAT, and EtherRAT. The attack chain began when the user visited a compromised…
Sapphire Sleet macOS Malware Abuses curl-to-osascript Execution for Multi-Stage Payload Delivery
Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built-in macOS protections. The infection begins with a…
Hackers Target npm Ecosystem by Compromising 140+ Mastra Packages
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipelines, and enterprise environments to a stealthy cross-platform infostealer. The campaign, uncovered by the Socket Research Team on…
Google Cloud Vertex AI Vulnerability Lets Attackers Take Over and Poison AI Models
A critical vulnerability in Google Cloud’s Vertex AI has been discovered, allowing attackers to hijack machine learning model uploads, poison artifacts, and achieve cross-tenant remote code execution (RCE) without any prior access to the victim’s environment. Dubbed “Pickle in the…
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as AWS CloudTrail and Google Cloud Logging, designed to provide comprehensive audit trails, are being actively…
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), have been identified, expanding a toolset that was until now Linux-only. The two Windows builds, internally labelled WIN_DRV and WIN_PLUS, preserve the original SprySOCKS protocol and command set while adding…
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers
A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily targeting gamers in China and Russia. The campaign exploits Wallpaper Engine’s “application” wallpaper type, essentially standalone…
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass
A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and gain unauthorized network access. Although this vulnerability was patched in June 2026, it originated from legacy…