The secure messaging platform Signal recently confirmed active, targeted phishing campaigns resulting in severe account takeovers. These sophisticated attacks have successfully compromised the accounts of high-profile individuals, specifically targeting government officials and journalists. Despite these high-profile breaches, Signal explicitly clarified…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chinese APT Campaign Uses Middle East Lures to Target Qatar With PlugX
Chinese state-linked cyber espionage groups are actively exploiting geopolitical tensions in the Middle East to target organizations in Qatar, according to new findings. The campaign began almost immediately after the recent escalation in the region, highlighting how quickly advanced persistent…
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long‑term persistence to exfiltrate almost every…
Anthropic Files Lawsuit Against U.S. Government Over Claude Risk Designation
Anthropic has launched an unprecedented lawsuit against the U.S. government after being designated a “supply chain risk“. The legal action, filed in a California federal court, targets the executive office of President Donald Trump, Defense Secretary Pete Hegseth, and 16…
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access
A newly discovered malware operation is targeting employees at finance and healthcare organizations by posing as internal IT support. Once inside, the attackers deploy a stealthy new tool called the A0Backdoor. Cybersecurity researchers at BlueVoyant have identified a threat group,…
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead of offering a standard installer, the page shows an “advanced” installation step telling users to…
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wallet information, and system details, while…
Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure
Two high-severity vulnerabilities have been discovered in Vaultwarden, a widely used alternative Bitwarden server implementation written in Rust. These security flaws, tracked as CVE-2026-27803 and CVE-2026-27802, allow compromised Manager accounts to bypass authorization checks, escalate privileges, and expose sensitive stored…
Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure
A highly sophisticated cyber espionage group, designated as CL-UNK-1068, has been actively targeting critical infrastructure across South, Southeast, and East Asia since at least 2020. Originating from China, the threat actors focus on high-value sectors, including aviation, energy, government, law…
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp…
MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
A large-scale spear-phishing campaign distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across browsers, email clients, and collaboration tools. Researchers observed fraudulent purchase-order emails that…
Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers
Apache ZooKeeper, a centralized service used for maintaining configuration information and naming in distributed systems, has received critical security updates. The Apache Software Foundation recently addressed two “Important” severity vulnerabilities that could expose sensitive data and allow server impersonation in…
ClipXDaemon Malware Targets Crypto Users in Linux X11 Sessions
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command‑and‑control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framework but delivers a completely different, autonomous…
Cybercrime Group in Vietnam Enables Massive Fraudulent Signups
A wave of fraudulent account registrations to a cybercrime ecosystem operating out of Vietnam. These fake accounts are not just spam; they underpin large-scale financial fraud, phishing, and interpersonal scams that erode trust in online platforms. Attackers scripted mass “puppet”…
1-Click ZITADEL Vulnerability Could Allow Full System Takeover
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform’s login V2 interface, specifically within the /saml-post endpoint. It…
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10. The flaw…
Hikvision Multiple Product Vulnerability Could Let Attackers Escalate Privileges
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting multiple Hikvision products to its Known Exploited Vulnerabilities (KEV) catalog. This urgent addition, made on March 5, 2026, serves as a stark warning to network…
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution
ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected…
Transparent Tribe’s ‘Vibeware’ Move Points to AI-Made Malware at Scale
Transparent Tribe (APT36) is moving from traditional, off‑the‑shelf tools to an AI-assisted malware model researchers now call “vibeware,” signaling how large language models are starting to industrialize mediocre but relentless attacks at scale. In its latest campaigns against Indian government…
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application…