A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targets. GhostChat mimics a…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid…
Over 200 Magento Stores Compromised In Rootkit Rampage via Zero-Day Exploit
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving the way for session hijacking and full server takeovers. Researchers uncovered multiple intrusion campaigns hitting…
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent…
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor,…
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac cleaner,” displaying trusted domains such as docs.google.com…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and…
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by eliminating complex setup procedures and dependency…
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated…
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
A critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to compromise Windows systems used to monitor video surveillance fully. IDIS, a South Korea–based global video…
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed lures to compromise corporate systems. The campaign, first documented by Trend Micro in December 2025, initially…
Gemini MCP Tool 0-Day Vulnerability Exposes Systems to Remote Code Execution
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracked as CVE-2026-0755 with a CVSS score of 9.8,…
eSkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with script removal, eSkimming is emerging as a long-lived, shape‑shifting threat that lingers on previously compromised sites…
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking data to attackers. The flaws, discovered by Gecko’s AI security engineer in Cal.com Cloud, allowed complete…
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without…
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than…
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of…
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” employs multi-stage obfuscation techniques to extract browser credentials, cryptocurrency wallets, cloud authentication keys,…
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork…