Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long‑lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands‑on installation, it combines deep data…

Read more →

Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground…

Read more →

Hydra Saiga is running a long-running espionage campaign that abuses Telegram as command-and-control (C2) to infiltrate critical utilities in Central Asia and exfiltrate sensitive data from government and infrastructure networks. The first known Hydra Saiga activity dates to December 2024,…

Read more →

Security researchers have released a new Proof of Concept (PoC) for a vulnerability in the Windows Common Log File System (CLFS) driver. The flaw, identified as CVE-2026-2636, allows low-privileged users to force a system into a Blue Screen of Death…

Read more →

Infostealers continue to dominate the initial access landscape in 2026, driving breaches through scalable credential theft. Among these, DarkCloud has emerged as a major threat, illustrating how low-cost, commercialized malware is reshaping enterprise compromise dynamics worldwide. Despite being promoted as “surveillance software,”…

Read more →

Anthropic has unveiled a significant update to its Claude Code platform, introducing a new “Remote Control” feature. This capability allows developers to manage terminal sessions directly from their smartphones or remote web browsers, bridging the gap between desktop development and…

Read more →

Firefox has launched a major update to help protect web applications from Cross-Site Scripting (XSS) attacks. With the release of Firefox 148, Mozilla introduces the new standardized Sanitizer API, making it the first browser to ship this built-in security tool.…

Read more →

Offensive security operations are evolving with a new method for running Kali Linux. By combining Kali with Anthropic’s Claude AI via the Model Context Protocol (MCP), security analysts can now execute penetration testing tools using simple natural language. This moves…

Read more →

A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built…

Read more →

Google and its partners have disrupted a major Chinese state-linked cyber espionage campaign that breached at least 53 telecommunications and government entities across 42 countries on four continents. The operation, led by Google Threat Intelligence Group (GTIG) alongside Mandiant and…

Read more →

Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges.​…

Read more →

Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR‑trusted command‑and‑control (C2) channel, effectively turning a built‑in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese…

Read more →

SolarWinds has released a critical security update for its Serv-U file transfer software, patching four vulnerabilities that could allow attackers to execute arbitrary code with root-level privileges on affected servers. All four flaws carry a CVSS score of 9.1, placing…

Read more →

Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from…

Read more →

SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data‑stealing capabilities. It combines large‑scale affiliate distribution, cloud‑hosted command‑and‑control, and even experimental AI modules, making…

Read more →

Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial…

Read more →

OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra…

Read more →

Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting‑style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged…

Read more →

The United States Department of the Treasury has taken decisive action against a network of exploit brokers responsible for trafficking stolen government cyber tools. On February 24, 2026, the Office of Foreign Assets Control designated Russian national Sergey Zelenyuk and…

Read more →