Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Data loss prevention (DLP) refers to technology and techniques for detecting and preventing unauthorized access, use, disclosure, or destruction of sensitive data. DLP solutions are designed to monitor and control access to sensitive information by identifying, classifying, and protecting sensitive…

Read more →

Microsoft has rolled out a critical Setup Dynamic Update, designated as KB5081494, for Windows 11 versions 24H2 and 25H2. Released on March 26, 2026, this patch introduces essential improvements to Windows setup binaries. The core objective of this release is…

Read more →

A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “CanisterWorm.” The campaign targets exposed Docker APIs, Kubernetes clusters, Redis servers, and known vulnerabilities like React2Shell to gain unauthorized access,…

Read more →

Cybersecurity researchers are warning organizations about imminent cyberattacks targeting a newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firms watchTowr and Defused Cyber have uncovered active reconnaissance campaigns targeting CVE-2026-3055, a severe flaw that allows…

Read more →

Major cybersecurity stocks took a steep dive on Friday after news broke that Anthropic is testing a highly capable new artificial intelligence model. Codenamed “Mythos” under the broader “Capybara” testing tier, this new AI possesses advanced capabilities for discovering complex…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited flaw in F5 BIG-IP systems. The vulnerability has been officially added to the Known Exploited Vulnerabilities (KEV) catalog, signaling that threat actors are successfully…

Read more →

VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing…

Read more →

A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact…

Read more →

BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi‑stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built‑in tools such as certutil.exe, heavily…

Read more →

Open VSX, the extension marketplace used by VS Code forks such as Cursor and Windsurf, recently fixed a critical vulnerability in its newly introduced pre-publish scanning pipeline that could allow malicious extensions to bypass security checks and go live undetected.…

Read more →

The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. According to an official statement, the compromised infrastructure supported the Commission’s…

Read more →

The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control lists,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous…

Read more →

A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are…

Read more →

The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial…

Read more →

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to…

Read more →

A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER.  The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll,…

Read more →

A multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads…

Read more →

Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission…

Read more →

A sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware…

Read more →