Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates, an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft
A coordinated supply chain attack targeting JetBrains IDE users has exposed over 70,000 developers to silent credential theft. The campaign involves at least 15 malicious plugins distributed via the JetBrains Marketplace, masquerading as AI-powered coding assistants built on models such…
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials
Rokarolla is a new Android banking trojan, named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Distributed via malicious websites that…
Critical Chrome Flaws Let Attackers Execute Arbitrary Code – Update Immediately
Google has released an urgent Chrome security update addressing multiple critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 149.0.7827.155/.156 for Windows and macOS…
Malware Uses Deno Permission Flags to Run Commands and Proxy Internal Network Traffic
A recent intrusion demonstrates how threat actors are shifting toward scripting runtimes to evade traditional detection: attackers delivered a modular Remote Access Trojan (RAT) built on Deno, using social engineering to install a multi-process JavaScript implant that executes commands and…
Fortra Access Manager Security Flaw Exposes Systems to Command Injection
Fortra has reported a critical command injection vulnerability in its Core Privileged Access Manager (BoKS) platform, which could allow remote attackers to execute arbitrary commands with elevated privileges. This could potentially lead to a full system compromise. Tracked as CVE-2026-9862…
NVIDIA NeMo Security Flaw Exposes Systems to Command Injection Attacks
NVIDIA has disclosed multiple high-severity vulnerabilities in its NeMo Framework, including a critical command injection flaw that could allow attackers to execute arbitrary code on affected systems. These issues, outlined in the June 2026 security bulletin, impact NeMo versions up…
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions…
Silent Ransom Group Targets US Legal Firms With Voice Phishing and Data Theft Extortion
A concentrated data theft extortion campaign by UNC3753, also reported as Luna Moth, Chatty Spider, and Silent Ransom Group, is targeting dozens of U.S. professional, legal, and financial services firms. The cluster’s hallmark is fast, human-centric intrusions that combine voice phishing…
Hackers Exploit Critical Fortinet FortiSandbox Flaws in Active Attacks
Security researchers have reported active exploitation attempts targeting multiple critical vulnerabilities in Fortinet FortiSandbox appliances, raising concerns about potential compromises in enterprise security infrastructure. According to threat intelligence shared by Defused Cyber, attackers have started leveraging newly disclosed flaws, including…
Novo Nordisk Confirms Cyberattack Exposing Patient Medical Data and Internal AI Assets
Novo Nordisk, the Danish pharmaceutical giant behind blockbuster weight-loss drugs Ozempic and Wegovy, has confirmed a cybersecurity breach involving unauthorized access to sensitive clinical data and internal artificial intelligence (AI) assets. The company disclosed that attackers successfully exfiltrated a limited…
Hackers Use OnionDrop Loader With DLL Sideloading to Deploy Multiple Infostealers
A professionally engineered loader called OnionDrop is being used in high-tempo campaigns to deliver multiple infostealers at scale. Between February 28 and May 20, 2026, YARA retro-hunting uncovered more than 645 unique OnionDrop DLL samples, and deliveries remained active at…
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Microsoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’…
Infinite Campus Breach Leaks Personal Information of 137,000 Users
A data breach affecting the widely used K–12 student information system, Infinite Campus, has exposed the personal information of approximately 137,000 users. This incident is linked to an extortion campaign that occurred in March 2026 and has been attributed to…
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain
In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain. The real-world ClickFix incident produced convergent evidence from an ANY.RUN sandbox detonation and live EDR telemetry,…
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Polish email providers such as Onet, Wirtualna Polska…
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts
In an active campaign, attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a…
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, significantly amplifying the attack surface…
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem
Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors…
Russian and Chinese Actors Use AI Translation and Visual Content in Malign Influence Operations
AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 2024–2026 shows actors are not leveraging AI primarily to flood platforms with volume. Instead, they are using…