A single developer-known online as RockyBelling has assembled a highly modular PhaaS/MaaS ecosystem that affiliates worldwide use to launch highly targeted IRS and SSA-themed phishing campaigns that predominantly hit U.S. victims. SOCRadar research spanning April 2025–April 2026 ties almost 200…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through One-Click Attack
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise data through a combination of AI-specific and traditional web vulnerabilities. Discovered by Varonis Threat Labs, the flaw, tracked as CVE-2026-42824…
Payroll Pirate Campaign Uses AiTM Session Hijacking to Bypass MFA and Redirect Salaries
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass multifactor authentication (MFA) and reroute payroll disbursements. This operation targets payroll and HR portals at mid-market and enterprise organizations, chaining credential…
Windows 11 Update Causes System Freezes, Triggers BitLocker Recovery, and Breaks OneDrive
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.8655, is triggering a wave of user reports about system freezes, forced BitLocker recovery screens, and broken OneDrive integration in File Explorer on some devices. While…
Jenkins RCE Flaw Exploited by Attackers in the Wild
A remote code execution (RCE) vulnerability in Jenkins, tracked as CVE-2026-53435, is now actively exploited in the wild. The flaw, stemming from insecure deserialization during Jenkins’ config.xml processing, allows unauthenticated or low-privileged attackers to execute arbitrary code on vulnerable instances, posing a…
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components OpenSSH binaries and PAM modules across a…
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable hashes from Windows DPAPI credential history (CREDHIST) files, potentially exposing historical password material and enabling deeper…
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks
A coordinated campaign of 23 seemingly legitimate Chrome extensions tracked as “SearchJack” has quietly hijacked the default search settings of roughly 758,000 users, routing queries through operator-controlled monetization middleware before returning results. At first glance the extensions promise useful features…
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating sensitive data. The claim surfaced on June 13, 2026, via underground monitoring channels and was later…
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited
Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with specific configurations. The flaw, which affects the GlobalProtect portal and gateway components, enables an authentication bypass…
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations
PromptSnatcher (internal identifier: Panel 231) is a modern, stealthy data collection operation embedded inside two browser extensions that masquerade as ad‑blockers while harvesting full chat conversations and account metadata from major AI platforms. The extensions deliver genuine ad‑blocking and cookie‑banner…
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain…
Critical Wazuh Flaw Enables Threat Actors to Alter Alerts and Remove Logs
A critical security flaw in Wazuh Manager could allow unauthenticated threat actors to tamper with alerts, delete forensic evidence, and execute arbitrary OpenSearch operations by exploiting an input validation weakness in the platform’s new inventory synchronization pipeline. Tracked under GitHub…
APT37 Hackers Use NarwhalRAT Malware With MS-Themed Phishing and Dead-Drop C2
APT37 is using NarwhalRAT in a tightly engineered intrusion chain that starts with Microsoft-themed spear-phishing, pivots through malicious LNK files and PowerShell, and ends with a Python-based backdoor with dead-drop C2 via pCloud. The campaign is notable for its layered…
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page
A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026,…
Maine Shuts Down Breach Reporting Portal Following Fake VRChat and Discord Submissions
The Office of the Maine Attorney General has temporarily taken its public data breach reporting portal offline following the discovery of fraudulent submissions falsely claiming security incidents at VRChat and Discord. The incident, disclosed in an official statement on June…
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant…
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the flaw was published by Splunk on June 10, 2026, and affects the PostgreSQL Sidecar Service introduced in Splunk…
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States government. Issued at 5:21 PM ET on June 13, 2026, the directive cited pressing national security…
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search traffic. Socket’s Threat Research Team discovered the operation spanning 38 separate Chrome Web Store publisher accounts…