Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack

OceanLotus APT has executed a precision supply‑chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market‑data component. Telemetry collected from mid‑2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long‑running espionage intrusion…

GoFlateLoader Hides Infostealers in Massive PE Overlay

GoFlateLoader is a widespread Golang loader that has become a go-to delivery mechanism for multiple infostealers, including Lumma, Vidar, StealC, Amatera and Remus. Its design is intentionally unspectacular: the code implements a straightforward in-memory manual PE loader, lacking anti-debugging, anti-VM, API…
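The headline's point is that the loader's real payload lives in the PE overlay, the bytes appended after the last section's raw data, which a manual PE loader can read back from its own image without ever touching a second file. A triage script that measures the overlay is therefore a cheap first-pass check. The block below is an added example written for this page, not GoFlateLoader code or any vendor's detection logic: it walks the COFF and section headers to find where section data ends, treats everything after that as overlay, and flags files whose overlay dominates the file and has compressed/encrypted-looking entropy. The thresholds (50% of the file, entropy above 7.0 bits per byte) are assumed starting points, and `build_test_pe` constructs a synthetic one-section PE32 image purely so the parser can be exercised offline.

```python
import math
import struct
from collections import Counter

# Layout constants from the PE/COFF spec: the COFF header is 20 bytes, each
# section header is 40 bytes.
COFF_HEADER_FMT = "<HHIIIHH"
SECTION_HEADER_FMT = "<8sIIIIIIHHI"


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted data, far lower for plain code."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def overlay_info(data: bytes) -> dict:
    """Locate the overlay (bytes past the last section's raw data) and characterise it."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsect, _, _, _, size_opt, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff_off)
    sect_off = coff_off + 20 + size_opt
    end_of_sections = 0
    for i in range(nsect):
        fields = struct.unpack_from(SECTION_HEADER_FMT, data, sect_off + i * 40)
        raw_size, raw_ptr = fields[3], fields[4]  # SizeOfRawData, PointerToRawData
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    ratio = len(overlay) / len(data)
    entropy = shannon_entropy(overlay)
    # Assumed heuristic thresholds (tune against your own corpus): most of the
    # file sits in the overlay and the overlay looks compressed or encrypted.
    suspicious = len(overlay) > 0 and ratio > 0.5 and entropy > 7.0
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_ratio": ratio,
        "overlay_entropy": entropy,
        "suspicious": suspicious,
    }


def build_test_pe(section_data: bytes, overlay: bytes) -> bytes:
    """Constructed minimal PE32 image with one section, used only to exercise overlay_info()."""
    e_lfanew = 0x40
    size_opt = 0xE0  # PE32 optional header size
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, 1, 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")
    headers_len = e_lfanew + 4 + 20 + size_opt + 40
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # 512-byte file alignment
    sect = struct.pack(SECTION_HEADER_FMT, b".text", len(section_data), 0x1000,
                       len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\x00\x00" + coff + opt + sect).ljust(raw_ptr, b"\x00")
    return header + section_data + overlay


if __name__ == "__main__":
    # Constructed sample: 100 bytes of code followed by a 2 KiB maximum-entropy overlay.
    sample = build_test_pe(b"\xC3" * 100, bytes(range(256)) * 8)
    print(overlay_info(sample))
```

On a real sample call `overlay_info(open(path, "rb").read())`. Two caveats before acting on a hit: Authenticode signatures are also stored after the last section, so a signed binary shows a non-zero overlay whose size matches the Security data directory entry, and installers such as self-extracting archives legitimately carry large compressed overlays. Treat the flag as a reason to look, not as a verdict.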

Attackers Exploit Critical Langflow Flaw for Remote Code Execution

Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality. The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint,…
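The flaw class here is the usual one for upload endpoints: a client-controlled filename is joined onto the server's upload directory, so `../` segments or an absolute path let the attacker choose where on disk the bytes land, and writing into a location the application or OS later executes turns a file write into code execution. The block below is an added illustration, not Langflow's code and not the patched handler: it shows the vulnerable join next to a hardened check that rejects any name containing a path separator or a degenerate component and, as defence in depth, verifies that the resolved target still lies under the resolved upload root. `upload_root` and the sample filenames are constructed for the example.

```python
import os


def vulnerable_upload_path(upload_root: str, filename: str) -> str:
    # Illustrative vulnerable pattern: trusts the client-supplied name verbatim.
    # "../" sequences walk out of upload_root, and os.path.join discards the root
    # entirely when filename is absolute.
    return os.path.normpath(os.path.join(upload_root, filename))


def safe_upload_path(upload_root: str, filename: str) -> str:
    # Hardened form: accept only a bare filename, then confirm the resolved
    # target is still inside the resolved root (covers symlinked roots too).
    normalized = filename.replace("\\", "/")
    if normalized in ("", ".", "..") or "/" in normalized or "\x00" in normalized:
        raise ValueError(f"rejected filename: {filename!r}")
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, normalized))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return target


def is_rejected(upload_root: str, filename: str) -> bool:
    """True when the hardened check refuses the name; used for the checks below."""
    try:
        safe_upload_path(upload_root, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    root = "/srv/app/uploads"  # constructed example root
    for name in ("report.csv", "../../../etc/cron.d/job", "/etc/passwd", ".."):
        print(f"{name!r:32} vulnerable -> {vulnerable_upload_path(root, name)}"
              f"  hardened -> {'rejected' if is_rejected(root, name) else 'accepted'}")
```

Rejecting separators outright, rather than silently taking `os.path.basename`, avoids a second class of bug where the server quietly stores the file under a name the client did not expect. If a service must allow client-chosen subdirectories, it should still build the path from validated components and keep the `commonpath` check.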

Weaponized DMG Files Deliver macOS Infostealer Malware

A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing…

BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems

A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework:…

Hackers Use Residential Proxies Networks to Evade Detection

Infoblox assessed the impact of residential proxies across its customer base by compiling billions of DNS resolutions and the associated network telemetry, including activity of the Kimwolf botnet inside enterprise customer networks. Follow‑up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a…

Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader

Two closely related espionage campaigns targeting Cambodian government organizations abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported…

PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability

A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem…

Ivanti Command Injection Flaw Exploited After PoC Code Release

Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June…

73 Microsoft Packages Weaponized in Password Stealer Attack

GitHub disabled 73 repositories across four Microsoft organizations (Azure, Azure-Samples, microsoft, and MicrosoftDocs) inside a 105-second window. Each repo now shows GitHub’s “This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a…