Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact…

Read more →

BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi‑stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built‑in tools such as certutil.exe, heavily…

Read more →

Open VSX, the extension marketplace used by VS Code forks such as Cursor and Windsurf, recently fixed a critical vulnerability in its newly introduced pre-publish scanning pipeline that could allow malicious extensions to bypass security checks and go live undetected.…

Read more →

The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. According to an official statement, the compromised infrastructure supported the Commission’s…

Read more →

The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control lists,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous…

Read more →

A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are…

Read more →

The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial…

Read more →

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to…

Read more →

A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER.  The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll,…

Read more →

A multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads…

Read more →

Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission…

Read more →

A sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware…

Read more →

The Internet Systems Consortium (ISC) has released a critical security advisory addressing a high-severity vulnerability in its Kea DHCP server software.  Kea is a modern, high-performance DHCP server widely used by enterprise networks and internet service providers to manage network…

Read more →

A newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChain” during threat hunting efforts, the malware’s true identity was confirmed…

Read more →

A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor.  Instead of…

Read more →

Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May…

Read more →

A new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to…

Read more →

VoidLink is a new Linux rootkit family that combines classic kernel modules with eBPF to hide processes and network activity deep inside modern cloud environments. It targets distributions from CentOS 7 up to Ubuntu 22.04, giving attackers a stealthy way…

Read more →

GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least…

Read more →