The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical code-injection vulnerability in Langflow. Tracked as CVE-2026-33017, this severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following verified evidence…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers
Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has steadily adopted more…
Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks
NVIDIA has recently published its March 2026 security bulletins, addressing a wave of newly discovered vulnerabilities across its hardware and software ecosystems. The technology giant has urged organizations to immediately evaluate their environments and apply the necessary corrective actions to…
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks
In February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods to exfiltrate sensitive data…
Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2
A fast-evolving information‑stealing malware dubbed “Torg Grabber” that has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API command‑and‑control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 64‑bit sample initially tagged as Vidar was…
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
Fake screenshot links are being used to quietly deploy a multi‑stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT‑Q‑27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET…
IDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized Access
A critical security flaw has been identified in the IDrive Cloud Backup Client for Windows, exposing users to local privilege escalation attacks. Tracked as CVE-2026-1995, this vulnerability allows authenticated, low-privilege attackers to execute arbitrary code with the highest system permissions,…
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billions in fraud losses,…
Kiss Loader Malware Targets with Early Bird APC Injection in New Attack Campaign
A newly identified malware loader dubbed “Kiss Loader” is emerging as a potential threat, leveraging advanced process injection techniques and dynamic delivery infrastructure. The loader, still under active development at the time of discovery, demonstrates a blend of stealth, modular…
Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack
Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post‑install scripts to silently deploy a crypto‑stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By…
Synology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution Attacks
Synology has issued an urgent security update for its DiskStation Manager (DSM) software to address a critical vulnerability. If left unpatched, this flaw could allow unauthenticated remote attackers to execute arbitrary commands on affected network-attached storage (NAS) devices. Tracked under…
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-33634, successfully weaponized a trusted security tool…
LeakBase Forum Admin Arrested by Russian Authorities in Global Cybercrime Operation
Russian law enforcement agencies have successfully apprehended the suspected administrator of LeakBase, a prominent international cybercrime forum. The arrest, executed by officers from the Russian Ministry of Internal Affairs (MVD) alongside regional security services in Rostov, marks a significant disruption…
Fake VS Code Security Alerts on GitHub Spread Malware in Massive Phishing Attack
A large-scale phishing campaign is actively targeting developers on GitHub by abusing the platform’s Discussions feature to distribute fake Visual Studio Code (VS Code) security alerts. The campaign appears highly coordinated, with thousands of near-identical posts discovered across multiple repositories,…
Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes
The Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.20.2 ‘Iron’ as a security release. This urgent patch addresses seven distinct vulnerabilities impacting TLS error handling, HTTP/2 flow control, cryptographic timing, and permission…
Cisco Secure Firewall Vulnerability Exposes Systems to Remote Code Execution by Attackers
Cisco has released critical security updates to address a maximum-severity vulnerability affecting its Secure Firewall Management Center (FMC) Software. Tracked under the identifier CVE-2026-20131, this flaw carries a perfect CVSS base score of 10.0 and allows unauthenticated, remote attackers to…
China-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy Campaign
China-linked threat actors have been identified targeting Southeast Asian military networks in a long-running cyber espionage campaign focused on intelligence collection and operational surveillance. The activity, tracked as CL-STA-1087, demonstrates a highly disciplined approach that combines custom malware, stealth techniques,…
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
A sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden within PNG images. The activity was initially detected by LevelBlue’s Managed Detection and Response (MDR) SOC through a SentinelOne alert involving a…
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnerability stems from hardcoded default credentials that remain active unless manually altered by an administrator. Harbor functions as an open-source,…
Mirai Botnets Evolve Into Major DDoS and Proxy Abuse Threats
Mirai-based botnets have evolved from simple IoT malware into large-scale DDoS and proxy abuse platforms that now underpin record-breaking attacks and stealthy cybercrime operations. In total, over 21,000 C2 servers were observed between July and December 2025, with a notable…