Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Zero-Click Agentic AI Attack Bypasses Human Oversight

Taxonomy of Failure Modes in Agentic AI Systems v2.0 published in April 2026, the field received more than a classification update: it got operational guidance grounded in a year of real-world red teaming that exposed how quickly agentic AI systems…

Malicious Python Package Mimics Parsimonious Parser

A sophisticated typosquatting attack targeting Python developers through a malicious package named “parsimonius” on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library, a well-known tool for building recursive descent parsers in…

VECT 2.0 Ransomware Breaks Files Beyond Its Own Recovery

VECT 2.0 ransomware can leave victims with files that even the attacker’s own decryptor cannot reliably restore. While researchers previously exposed a cross-platform design flaw that discards nonces for earlier parts of large files, our Windows-focused analysis shows additional implementation…

Fake Ghidra, dnSpy & SpiderFoot Sites Used to Spread Malware

Hackers are abusing search results and professional-looking fake download portals to distribute malware by impersonating popular security tools like Ghidra, dnSpy, and SpiderFoot. These sites capture users’ first click on a “Download” button and silently hand it to a traffic…

Malicious Ads Target macOS Users with FlutterShell Backdoor

Hackers are leveraging large-scale malvertising campaigns to distribute a newly identified macOS backdoor dubbed FlutterShell, marking a significant evolution in financially motivated adware operations. Security researchers tracking the activity attribute it to a broader cluster known as CL-CRI-1089 and have…

Fake Claude Code Installer Spreads Fileless .NET Infostealer

Hackers are actively abusing interest in AI development tools by launching a sophisticated SEO poisoning campaign that impersonates Anthropic’s Claude Code installation flow to deliver a fully fileless .NET infostealer, according to researchers at Howler Cell. The campaign targets users…

Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes

A remotely exploitable zero-day vulnerability in Comodo Internet Security’s kernel-level firewall driver allows attackers to crash Windows systems with a single IPv6 packet, and the vendor has yet to respond. Security researcher Marcus Hutchins publicly disclosed a critical zero-day vulnerability…

IronWorm npm Attack Steals Developer Secrets

A newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a…

Proofpoint: TA4922 Deploys New RAT and Loader Arsenal

A rapidly evolving threat cluster tracked as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT. The group is notable for its high operational tempo, shifting tactics, and…