A newly disclosed forensic investigation has revealed that Pegasus spyware was used to hack a sitting Member of the European Parliament (MEP) who was actively investigating spyware abuses across the European Union. This raises serious concerns about surveillance targeting democratic…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Fake Google Play Store Pages Use Trusted Brand Names to Push Gambling PWAs
Scammers are exploiting consumers’ trust in household and financial brands by deploying polished fake Google Play Store pages and social media ads that push Progressive Web Apps (PWAs) linked to online casinos. The fraud begins with paid social creative on…
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including StealC, HijackLoader, NetSupport RAT, and newly identified loaders. Recent threat intelligence research indicates that these campaigns…
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool
Alibaba is reportedly preparing to ban the use of Anthropic’s Claude Code across its internal environments starting July 10. This decision comes in light of allegations that the AI-powered coding assistant has a covert detection mechanism resembling a backdoor. The…
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files
A newly disclosed vulnerability in Microsoft Exchange, identified as CVE-2026-45504 (CVSS score: 8.8), exposes a critical server-side request forgery (SSRF) flaw. This issue allows authenticated low-privileged users to access and read arbitrary files from vulnerable Exchange servers. The vulnerability, discovered…
Hackers Use Fake API Documentation to Trick AI Agents Into Sending Crypto Payments
Hackers are now weaponizing documentation and site metadata to mislead autonomous AI agents into executing cryptocurrency payments. The attack leverages indirect prompt injection (IPI): malicious instructions hidden in web content and structured data that influence an AI agent’s reasoning during…
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards
Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed Cyber Jailbreak Severity (CJS) framework designed to standardize how AI jailbreak risks are measured across various…
ChatGPT Guardrail Bypass Vulnerability Exposes LFI Risk Through Download Flow
A now-patched guardrail bypass in ChatGPT could be exploited through a Local File Inclusion (LFI) vulnerability via its file download mechanism. This incident underscores how logic flaws in large language model (LLM) workflows, particularly concerning temporary file handling and…
FBI Says TeamPCP Uses Trojanized Updates to Steal Cloud Tokens, SSH Keys, and Kubernetes Secrets
The Federal Bureau of Investigation (FBI) has issued an urgent FLASH advisory warning that the cybercriminal group TeamPCP is weaponizing trojanized software updates to harvest cloud access tokens, SSH keys, and Kubernetes secrets at scale. This campaign represents one of…
Hackers Use Compromised Websites and transcript.pdf.js Lure to Deliver PureLog Stealer
Hackers are using compromised websites and a deceptive transcript.pdf.js lure to deliver PureLog Stealer through a layered, fileless infection chain that leans heavily on PowerShell, trusted cloud infrastructure, and in-memory execution. The campaign, described in the attached research, shows how…
Claude Cowork Sandbox Flaw Lets Attackers Execute Commands as Root in Hyper-V VM
A newly disclosed sandbox escape technique in Anthropic’s Claude Cowork for Windows illustrates how attackers can achieve root-level command execution inside a Hyper-V–isolated Ubuntu virtual machine (VM) by exploiting design vulnerabilities in CoworkVMService and its Remote Procedure Call (RPC) interface.…
SharkLoader Malware Uses Perfect DLL Hijacking to Execute Cobalt Strike in Memory
SharkLoader is used by an intrusion cluster tracked as StrikeShark to deliver Cobalt Strike Beacon entirely in memory across a wide international footprint. The campaign combines opportunistic exploitation of exposed internet-facing infrastructure with custom droppers disguised as trusted installers to establish…
CitrixBleed Vulnerability Exploitation Within 24 Hours of Disclosure
Citrix NetScaler appliances are currently facing significant threats due to the rapid exploitation of a newly disclosed memory disclosure vulnerability, CVE-2026-8451, which is part of the evolving “CitrixBleed” class. This high-severity flaw (CVSS 8.8), disclosed on June 30, 2026, in…
Google Disrupts NetNut Residential Proxy Botnet Used for Malware C2 and Password Spray Attacks
Google has disrupted the NetNut residential proxy botnet, a large-scale infrastructure widely exploited for malware command-and-control (C2) operations and password spray attacks. This coordinated effort involved the FBI, Lumen, and various industry partners. It was announced by Google’s Threat Intelligence…
Hackers Compromise GitHub Maintainer Accounts to Publish PolinRider-Infected Package Versions
In a wide-scale escalation of the PolinRider supply-chain campaign, threat actors have compromised GitHub maintainer accounts to publish infected package versions across multiple ecosystems. The investigation identified 162 malicious release artifacts across 108 unique packages and extensions in npm, Packagist, Go…
Opera Browser Adds Native Paste Protect to Stop Clipboard Hijacking and Code Injection Attacks
Opera has announced a new native security feature called “Paste Protect,” which aims to combat clipboard hijacking and command injection attacks directly within the browser. This marks a significant advancement in proactive endpoint protection at the user interaction level. Introduced…
Hackers Abuse ScreenConnect Remote Access Tool to Deploy AsyncRAT Through Fake Installers
In a wide-reaching campaign, attackers abused the legitimate remote administration tool ScreenConnect to deploy AsyncRAT via faux software installers. The infection chain leverages trusted binaries, DLL sideloading, reflective loading and process hollowing to achieve stealthy persistence and remote control…
950 Oracle E-Business Suite Instances Exposed as CVE-2026-46817 Attacks Observed in the Wild
Around 950 internet-facing Oracle E-Business Suite (EBS) instances have been identified as exposed following enhanced scanning efforts. At the same time, active exploitation attempts tied to CVE-2026-46817 have already been observed in the wild. The findings were disclosed by The…
Phishing Campaign Uses Fake Invoice PDF to Drop AsyncRAT, VenomRAT, and XWorm
A sophisticated phishing campaign uses a fake invoice PDF to mask the delivery of multiple remote access trojans, primarily AsyncRAT but also VenomRAT and XWorm, via layered shortcuts, TryCloudflare quick tunnels, and disguised Python packages. The campaign echoes an…
CISA Adds Actively Exploited Microsoft SharePoint Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a newly discovered vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition highlights the active exploitation risks present in enterprise environments. The…