Cybercriminals are exploiting India’s tax season by launching sophisticated phishing campaigns that impersonate the Income Tax Department to deliver dangerous malware to unsuspecting taxpayers. The malicious operation uses fake assessment notices and tax compliance warnings to trick victims into downloading…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks
Researchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code execution, but how normal…
Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes
As Linux continues to dominate high-performance computing, cloud services, and Internet of Things (IoT) devices, it has become a prime target for cybercriminals. However, while much research has focused on manipulating Windows executables to bypass security, the Linux Executable and…
Itron Discloses Data Breach After Hackers Access Internal Systems
Itron, Inc., a leading smart metering and energy infrastructure technology company, has disclosed a cybersecurity incident after an unauthorized third party gained access to certain of its internal systems, according to a Form 8-K filing submitted to the U.S. Securities…
OpenClaw Flaws Expose Systems to Policy Bypass Attacks
OpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthorized local configuration modifications, and…
North Korean Hackers Target Pharma Firms with Malware-Laced Excel Attacks
North Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with highly tailored spear‑phishing emails sent to…
Critical Gemini CLI Flaw Raises Supply Chain Security Concerns
Google has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (RCE) attacks.…
NPM Worm Hits Namastex Packages, Steals Secrets Across Registries
A newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and PyPI ecosystems. The malicious activity centers on Namastex.ai, a company that promotes AI…
ClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 Payloads
A newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tactic: a phishing page disguised…
Nessus Agent Windows Flaw Enables SYSTEM-Level Code Execution
Tenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the newly released Nessus Agent version 11.1.3.…
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS) with…
Suspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and Audio
A recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late…
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists…
Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The…
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately,…
GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance
OpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advanced persistent threats (APTs) and…
Hackers Exploit Agent ID Administrator Role to Hijack Service Principals
A severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to potential privilege escalation.…
Hackers Exploit Cisco Firepower N-Day Flaws for Unauthorized Access
A state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362m affecting Cisco’s Firepower eXtensible Operating System (FXOS). These flaws allowed the threat actor to gain…
Fake CAPTCHA Scam Triggers Costly SMS Fraud
Hackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains…
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks…