Mozilla released Firefox 149.0 to the Release channel, bringing a significant set of privacy and security enhancements to the browser. The standout feature of this update is the integration of a free, built-in VPN designed to protect users on public…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Linux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud Workloads
Linux-focused ransomware Pay2Key is actively targeting enterprise servers, VMware ESXi virtualization hosts, and cloud workloads, underscoring how far Linux ransomware has evolved beyond simple file lockers. Originally known for fast, human-operated Windows intrusions against Israeli and Brazilian organizations, Pay2Key has re-emerged…
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT
A recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix technique, where…
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team and published on March 17, 2026, this flaw allows unauthenticated attackers to upload executable files via the platform’s REST…
F5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 File
F5 has disclosed a high-severity vulnerability (CVE-2026-32647) in the NGINX ngx_http_mp4_module that allows attackers execute arbitrary code or cause a denial-of-service (DoS) using crafted MP4 files. This flaw impacts NGINX Plus and NGINX Open Source deployments where the MP4 streaming module is…
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability allowed attackers to artificially boost download numbers, pushing malicious code to the top of the search results. This created…
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours far faster than traditional breach detection timelines. Unlike database breaches that take weeks…
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
Offensive Security has officially released Kali Linux 2026.1, marking the first major update of the year for the popular penetration testing distribution. Building on the foundation of the 2025.4 release, this new version introduces a comprehensive visual refresh, a nostalgic…
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
A large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-assisted lures…
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys…
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
On March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign countries from receiving equipment authorisation. This regulatory action, driven by a White House-convened Executive Branch interagency determination,…
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious…
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs,…
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
HackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed through a targeted…
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the…
SQL Server Ransomware Attacks: How They Work and How to Harden Your Database
Key Takeaways ● Documented SQL Server attacks have moved from initial access to ransomware deployment within the hour when exposure is high and defenses are absent — but attack timelines vary widely depending on privileges, host controls,…
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
Security researchers have confirmed that the sophisticated iOS exploit chain known as DarkSword is now accessible outside of its original threat actor groups. Recently, security researcher @matteyeux successfully achieved kernel read/write access on an iPad mini 6th generation running iOS…
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure
Tycoon2FA operators have resumed large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core infrastructure, underscoring the resilience of phishing-as-a-service (PhaaS) ecosystems and the limits of infrastructure-only takedowns. Authorities in Latvia, Lithuania, Portugal, Poland,…
Dell Wyse Management Flaws Could Lead to Full System Compromise
Security researcher Aleksandr Zhurnakov from PT Security has discovered a critical exploit chain in Dell Wyse Management Suite. By combining seemingly minor logic flaws, an attacker can achieve unauthenticated remote code execution. This attack targets the On-Premises version of the…
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure…