Firefox has launched a major update to help protect web applications from Cross-Site Scripting (XSS) attacks. With the release of Firefox 148, Mozilla introduces the new standardized Sanitizer API, making it the first browser to ship this built-in security tool.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Kali Linux Introduces Claude AI for Automated Penetration Testing Using Model Context Protocol
Offensive security operations are evolving with a new method for running Kali Linux. By combining Kali with Anthropic’s Claude AI via the Model Context Protocol (MCP), security analysts can now execute penetration testing tools using simple natural language. This moves…
Steaelite RAT Drives Surge in Double Extortion Attacks on Enterprises
A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built…
Google Disrupts Chinese Hacker Network Behind 53 Telecom, Gov’t Breaches
Google and its partners have disrupted a major Chinese state-linked cyber espionage campaign that breached at least 53 telecommunications and government entities across 42 countries on four continents. The operation, led by Google Threat Intelligence Group (GTIG) alongside Mandiant and…
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges.…
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR‑trusted command‑and‑control (C2) channel, effectively turning a built‑in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and…
CISA Issues Alert on Active Exploitation of FileZen Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese…
Critical SolarWinds Serv-U Vulnerabilities Enable Remote Root Access
SolarWinds has released a critical security update for its Serv-U file transfer software, patching four vulnerabilities that could allow attackers to execute arbitrary code with root-level privileges on affected servers. All four flaws carry a CVSS score of 9.1, placing…
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from…
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data‑stealing capabilities. It combines large‑scale affiliate distribution, cloud‑hosted command‑and‑control, and even experimental AI modules, making…
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial…
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra…
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting‑style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged…
US Sanctions Exploit Brokers Behind Theft of Government Cyber Tools
The United States Department of the Treasury has taken decisive action against a network of exploit brokers responsible for trafficking stolen government cyber tools. On February 24, 2026, the Office of Foreign Assets Control designated Russian national Sergey Zelenyuk and…
VMware Aria Flaws Enable Attackers to Execute Remote Code
Broadcom has released security advisory VMSA-2026-0001 on February 24, 2026, disclosing three vulnerabilities in VMware Aria Operations that could allow attackers to execute arbitrary commands remotely. The flaws affect VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, and…
Threat Actors Exploit Weaponized AI to Seize Full Domain Access in Under 30 Minutes
Threat actors are rapidly weaponizing artificial intelligence to move from initial access to full domain compromise in under half an hour, leaving defenders with almost no room for error or delay. As enterprises adopt AI across development, identity, and cloud…
Cybercriminals Exploit Windows Management Instrumentation WMI to Maintain Stealthy Access and Silent Control
Windows Management Instrumentation (WMI) is a critical utility built into the Windows operating system designed to help administrators monitor status and automate routine tasks. However, cybercriminals have increasingly weaponized this legitimate infrastructure to maintain persistent access to compromised networks. Unlike…
Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans
A massive data breach at business services giant Conduent has compromised the sensitive personal information of over 25 million Americans, making it one of the largest cybersecurity incidents in recent history. The breach, which went undetected for nearly three months,…
Malicious NuGet Packages Target ASP.NET Developers to Steal Login Credentials
Malicious NuGet packages posing as legitimate developer utilities are targeting ASP.NET projects to steal identity credentials and silently backdoor applications through a localhost proxy. All four were published between August 12–21, 2024, by a NuGet user named “hamzazaheer” and have…
Chinese AI Labs Launch Massive Distillation Attacks on Anthropic Claude, Tracking 13M Exchanges
Anthropic has identified and exposed industrial-scale data extraction campaigns orchestrated by three major Chinese AI laboratories: DeepSeek, Moonshot, and MiniMax. These organizations utilized approximately 24,000 fraudulent accounts to generate over 16 million exchanges with Anthropic’s Claude models. The primary objective…