Two concurrent espionage campaigns by Mustang Panda have targeted Indian government and energy-sector organisations, deploying a novel malware suite that includes SHARDLOADER, MINIRECON and ZOHOMURK. The intrusions, observed in June 2026, focused on hydropower entities and government offices engaged in MOUs…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches
A malicious Chromium extension impersonated the Perplexity AI brand to intercept browser searches and capture keystrokes before delivering users to legitimate search results. The extension, listed as “Search for perplexity ai” (ID flkebkiofojicogddingbdmcmkpbplcd, version 2.2), used Manifest V3 capabilities,…
Mistic Malware Blends Into Microsoft Endpoint Components Using Malicious EndpointDlp.dll
A newly identified Windows backdoor, dubbed Mistic, has been observed in intrusions since April 2026 and appears designed for stealthy, long-term access. The malware uses DLL sideloading, in-memory execution, and self-deletion to blend into enterprise environments and minimize forensic…
Splunk Secure Gateway RCE Vulnerability Lets Low-Privileged Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in Splunk Secure Gateway (SSG) allows low-privileged authenticated users to achieve remote code execution (RCE) on affected systems, significantly increasing the attack surface for enterprise Splunk deployments. This vulnerability, tracked as CVE-2026-20251, has been assigned…
STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth
Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla cluster since at least December 2022. STOCKSTAY demonstrates several operational techniques designed to maximize stealth and survivability: secure…
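Environmental keying, as an added illustration that is not STOCKSTAY's code and does not reproduce the RSA scheme the teaser mentions: the implant derives its decryption key from attributes of the intended victim (here the assumption is hostname and username), so the embedded stage only decrypts on that machine and a sandbox sees authenticated-decryption failure. The analyst-side function shows the practical counter: if hostnames and usernames from the victim organisation are known, the fingerprint space is small enough to brute-force. The stream cipher below is a toy SHA-256 keystream, the constants and the stage-2 string are constructed, and the C2 URL is a placeholder.

```python
import hashlib
import hmac
from typing import Optional, Tuple

def fingerprint(hostname: str, username: str) -> bytes:
    """Environment fingerprint the payload is keyed to (assumption: hostname|username, case-folded)."""
    return f"{hostname.lower()}|{username.lower()}".encode()

def derive_key(fp: bytes) -> bytes:
    """Key derivation: the key never appears in the binary, only the derivation logic does."""
    return hashlib.sha256(b"envkey-v1" + fp).digest()

def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (illustration only, not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def seal(payload: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC: a truncated HMAC tag lets the implant tell 'wrong host' from 'right host'."""
    ct = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()[:16]
    return tag + ct

def unseal(blob: bytes, key: bytes) -> Optional[bytes]:
    """Returns the plaintext only if the tag verifies under this key; None otherwise."""
    tag, ct = blob[:16], blob[16:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()[:16]):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, len(ct))))

# Constructed sample: a stage-2 blob sealed for one specific victim environment.
TARGET_HOST, TARGET_USER = "FIN-WS-017", "jdoe"
STAGE2 = b"stage2: beacon wss://example.invalid/ws every 300s"  # constructed, placeholder C2
BLOB = seal(STAGE2, derive_key(fingerprint(TARGET_HOST, TARGET_USER)))

def run_on_host(hostname: str, username: str, blob: bytes) -> Optional[bytes]:
    """Implant-side gate: the stage decrypts on the intended host and nowhere else."""
    return unseal(blob, derive_key(fingerprint(hostname, username)))

def analyst_recover(blob: bytes, hosts, users) -> Optional[Tuple[str, str, bytes]]:
    """Sandbox-side counter: brute-force the fingerprint from harvested hostname/username lists."""
    for h in hosts:
        for u in users:
            pt = unseal(blob, derive_key(fingerprint(h, u)))
            if pt is not None:
                return (h, u, pt)
    return None

if __name__ == "__main__":
    print("victim host:", run_on_host("FIN-WS-017", "jdoe", BLOB))
    print("sandbox:", run_on_host("SANDBOX-01", "analyst", BLOB))
    print("recovered:", analyst_recover(BLOB, ["SANDBOX-01", "fin-ws-017"], ["admin", "jdoe"]))
```

The detection takeaway is the inverse of the gate: a sample that reads hostname, username, domain or MAC and feeds them into a hash right before a decryption routine, and that exits quietly when the tag check fails, is keyed to a specific target, and detonating it outside that environment will not reveal the next stage.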
ClawHavoc Attack Hits ClawHub With 1,184 Malicious Skills and 247,000 Installations
The AI-agent ecosystem experienced its largest supply-chain compromise to date when ClawHavoc detonated across ClawHub, the official skill marketplace for OpenClaw. Our full AIG-powered scan of nearly 50,000 ClawHub Skills found 1,184 clearly malicious packages tied to 12 compromised publisher…
Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens
A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthenticated attackers to overwrite sensitive configuration values, including the JWT signing secret, which can ultimately lead to a complete administrative takeover of…
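Why control of the JWT signing secret is equivalent to an administrative takeover, as an added generic illustration that is not Hoppscotch code and assumes nothing about its endpoints or claim names: with HS256, whoever knows the secret can mint a token with any claims, so an attacker who can overwrite the secret to a value they chose simply signs an admin token with that value. The secrets, the claim names ("role": "admin") and the expiry are constructed for the example; the verifier pins the algorithm so an `alg` swap in the token header cannot bypass the check.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT: base64url(header).base64url(claims).base64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Server-side check: returns the claims only if alg is pinned, the MAC matches and exp is in the future."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":  # never let the token choose the verification algorithm
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(p))
    current = now if now is not None else int(time.time())
    if "exp" in claims and current >= claims["exp"]:
        return None
    return claims

ORIGINAL_SECRET = b"server-generated-random-secret"  # constructed: what the deployment started with
ATTACKER_SECRET = b"attacker-chosen"                 # constructed: what the attacker writes into JWT_SECRET

def forge_admin(secret: bytes) -> str:
    """Attacker-side: sign arbitrary admin claims with the secret they now control (claim names assumed)."""
    return sign_jwt({"sub": "attacker", "role": "admin", "exp": 4102444800}, secret)  # exp = 2100-01-01

FORGED = forge_admin(ATTACKER_SECRET)

if __name__ == "__main__":
    print("before overwrite:", verify_jwt(FORGED, ORIGINAL_SECRET))  # rejected
    print("after overwrite:", verify_jwt(FORGED, ATTACKER_SECRET))   # accepted as admin
```

The response side follows from the same mechanics: once a secret is suspected to have been overwritten, every token it ever signed (legitimate or forged) must be treated as invalid, which in practice means rotating the secret and forcing re-authentication rather than trying to revoke individual tokens.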
Critical Dell Wyse Management Suite Vulnerabilities Let Attackers Execute Remote Code
Dell Technologies has disclosed several critical vulnerabilities in its Wyse Management Suite (WMS) that could enable remote attackers to execute arbitrary code and fully compromise affected systems. Identified under advisory DSA-2026-225, these flaws affect WMS versions prior to 5.5 HF1…
New Windows Injection Technique Hijacks Win32k Callback Dispatch to Execute Shellcode
A newly documented injection technique abuses the kernel-to-user callback dispatch path used by the Windows graphical subsystem (win32k.sys) to execute shellcode in a target process while leaving the KernelCallbackTable structurally intact. Rather than replacing a KernelCallbackTable entry with a shellcode pointer, the…
Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise internet-exposed AI application servers and silently deploy a customized Monero (XMR) cryptominer. Tracked and documented by Trend Micro researchers Simon Dulude and…
AI-Generated Mythic Agents Challenge Static Signatures and Traditional Implant Detection
The emergence of LLM-driven “disposable tooling” is reshaping offensive tradecraft and forcing defenders to rethink detection models that rely on static signatures and known implant behaviors. Recent experiments demonstrating the automated generation of Mythic agents from prompt to deployment reveal…
FBI and CISA Warn Russian Hackers Stealing Verification Codes and Account PINs From Signal Users
U.S. cybersecurity authorities have issued a new warning about Russian intelligence-linked threat actors targeting secure messaging platforms, specifically highlighting the increased risk for Signal users. These threat actors are employing sophisticated phishing campaigns designed to steal verification codes and account…
Microsoft 365 Apps RCE Vulnerability Lets Attackers Execute Code via Malicious Excel Files
A newly disclosed remote code execution (RCE) vulnerability in Microsoft 365 Apps is raising concerns in enterprise environments. Attackers can exploit malicious Excel documents to execute arbitrary code on target systems. This vulnerability, tracked as CVE-2025-60727, arises from an out-of-bounds…
Critical Google Gemini CLI Flaw Lets Attackers Execute Code on Headless CI Platforms
A critical vulnerability has been identified in Google’s Gemini CLI and the associated run-gemini-cli GitHub Action. This flaw exposes headless continuous integration (CI) platforms to potential host-level code execution when processing untrusted workspaces. It is tracked as CVE-2026-12537, with the…
Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA
UNC1151, tracked by many as Ghostwriter or FrostyNeighbor, has advanced a credential-phishing technique that uses a real-time WebSocket relay to defeat SMS and OTP-based multi-factor authentication (MFA). The method was observed in a recent campaign that targeted Belarusian politician Yury…
DOJ Seizes Nearly 400 Domains Used for Illegal World Cup Streaming and Malware Threats
The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 internet domains used to stream FIFA World Cup 2026 matches illegally. This operation represents one of the largest coordinated anti-piracy enforcement actions related to a global sporting…
Millenium RAT Uses Base64 and XOR Configuration to Hide Telegram C2 Settings
Millenium RAT version 4.* represents a compact but potent evolution: the malware has migrated from .NET to native C++, while retaining a stealthy Telegram-based command-and-control (C2) model that requires no bespoke server infrastructure. The sample set and telemetry analyzed by…
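How a Base64-then-XOR configuration hides Telegram C2 settings, and how an analyst pulls them back out, as an added example that is not Millenium RAT's code: the layout (JSON, XOR with a repeating key, Base64), the single-byte key and the field names are all assumptions, and the bot token and chat id are placeholders. The decoder covers the known-key case and the case where the key is unknown, exploiting the fact that the plaintext is JSON to recognise the right key during a single-byte brute force.

```python
import base64
import json
from typing import Optional, Tuple

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function packs and unpacks."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def encode_config(cfg: dict, key: bytes) -> str:
    """Packing step as a stealer might store it: JSON -> XOR -> Base64 (assumed layout)."""
    raw = json.dumps(cfg, separators=(",", ":")).encode()
    return base64.b64encode(xor_bytes(raw, key)).decode()

def decode_config(blob_b64: str, key: bytes) -> dict:
    """Analyst path when the key was recovered from the binary (e.g. a constant next to the XOR loop)."""
    return json.loads(xor_bytes(base64.b64decode(blob_b64), key).decode("utf-8"))

def brute_force_single_byte(blob_b64: str) -> Optional[Tuple[int, dict]]:
    """Analyst path with an unknown single-byte key: try all 256 and keep the one that yields a JSON object."""
    raw = base64.b64decode(blob_b64)
    for k in range(256):
        try:
            cfg = json.loads(xor_bytes(raw, bytes([k])).decode("utf-8"))
        except (UnicodeDecodeError, json.JSONDecodeError):
            continue
        if isinstance(cfg, dict):
            return k, cfg
    return None

def extract_telegram_c2(cfg: dict) -> dict:
    """Turn the decoded config into the IOCs a responder needs: token, chat id and the Bot API URL they imply."""
    token = cfg.get("bot_token")
    return {
        "bot_token": token,
        "chat_id": cfg.get("chat_id"),
        "api_url": f"https://api.telegram.org/bot{token}/" if token else None,
    }

# Constructed sample: placeholder token/chat id, not real infrastructure.
SAMPLE_CFG = {"bot_token": "0000000000:PLACEHOLDER_TOKEN", "chat_id": "-1000000000000", "interval": 60}
SAMPLE_KEY = bytes([0x5A])
SAMPLE_BLOB = encode_config(SAMPLE_CFG, SAMPLE_KEY)

if __name__ == "__main__":
    print("packed:", SAMPLE_BLOB)
    print("known key:", decode_config(SAMPLE_BLOB, SAMPLE_KEY))
    print("brute forced:", brute_force_single_byte(SAMPLE_BLOB))
    print("IOCs:", extract_telegram_c2(SAMPLE_CFG))
```

In a native C++ sample the XOR loop is usually easy to spot as a tight byte-wise loop next to the Base64 alphabet string, and the key is a nearby constant; the recovered bot token is the actionable indicator, since it identifies the operator's bot regardless of which chat id or interval the build uses.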
China’s Zhipu AI Model GLM-5.2 Detects Software Vulnerabilities Like Claude Mythos
Zhipu AI’s newly released GLM-5.2 model is attracting significant attention from the cybersecurity community due to its vulnerability detection capabilities, which are comparable to those of Anthropic’s restricted Claude Mythos system. This development raises new concerns about the effectiveness of…
DCloud Uni-App Framework Powers 236,000+ Scam Domains Across Global Fraud Economy
DCloud Uni-App has become a mass-production layer for fraud, with more than 236,000 distinct scam domains tied to a sprawling ecosystem of fake exchanges, wallet drainers, phishing portals, and investment schemes. The scale matters because it shows scam operations are…
Rokarolla Uses Fake Google Play Protect App to Target Banking and Cryptocurrency Users
Rokarolla is a sophisticated Android banking trojan distributed via malicious websites that masquerade as trusted applications such as TikTok, Google Chrome and even Google Play Protect. Unlike simple credential stealers, Rokarolla is a multi-functional fraud platform that targets at least 217…