Hackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poorly secured IoT devices continue to fuel…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
iTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code Execution
In the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emulator can cross the…
Microsoft-Signed Malware Built With FUD Crypt Packs Persistence and C2
Hackers are abusing a service called FUD Crypt to generate fully undetected, Microsoft‑signed malware that installs persistence and connects to a dedicated command‑and‑control (C2) platform with zero effort on the buyer’s part. This Malware‑as‑a‑Service (MaaS) offering turns ordinary payloads into…
MiningDropper Spreads Infostealers, RATs, Banking Malware on Android
Hackers are abusing a modular Android framework called MiningDropper to mine cryptocurrency and silently install infostealers, remote access trojans (RATs), and banking malware on infected devices. MiningDropper is a multi-stage Android dropper that combines crypto-mining with the delivery of additional malware payloads,…
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
Microsoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for…
JanaWare Ransomware Hits Turkish Users via Tailored Adwind RAT
A newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection while maintaining…
NSA Confirms Use of Anthropic’s Mythos Despite Pentagon Blacklist
The National Security Agency (NSA) is actively using Anthropic’s highly restricted “Mythos” artificial intelligence model, despite the developer currently being on the Department of Defense (DoD) blacklist. According to recent intelligence reports highlighted by the International Cyber Digest, the NSA…
ZionSiphon Hits Israeli Water Systems With OT Sabotage Malware
ZionSiphon is a newly analyzed Operational Technology (OT) malware strain designed to target Israeli water treatment and desalination facilities, with a clear emphasis on sabotage rather than simple IT disruption. Darktrace’s investigation found that ZionSiphon restricts itself to hardcoded IPv4…
British Hacker Admits Stealing Millions in Virtual Currency From Targeted Companies
A 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to a Friday announcement…
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems…
Public Notion Pages Expose Editors’ Profile Photos and Email Addresses
A significant data exposure issue has been brought to light regarding Notion, a highly popular productivity and note-taking application. This exposure happens without requiring any authentication, cookies, or access tokens, leaving thousands of indexable company wikis and personal pages vulnerable…
Critical Gardyn Flaws Open Smart Garden Devices to Remote Hijacking
A recently updated advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has revealed severe vulnerabilities in Gardyn Home Kit systems. These critical flaws carry a maximum CVSS score of 9.3 and could allow malicious actors to hijack smart gardening…
Vercel Reports Data Breach Amid Claims of Compromised Internal Infrastructure
According to a recent security bulletin published by Vercel, the cloud platform company has suffered a data breach involving unauthorized access to its internal infrastructure. The incident, which was updated on April 20, 2026, highlights the growing risks associated with…
NIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020
According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) submissions…
Fake Helpdesk Attack Uses Teams and Quick Assist to Breach Targets
Attackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk‑themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, adversaries can move…
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by…
Nexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet Push
A newly discovered Mirai malware variant named Nexcorium is actively targeting unpatched Internet of Things (IoT) devices. According to recent threat research from FortiGuard Labs, attackers are exploiting a severe vulnerability in TBK DVR systems to build a massive botnet…
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
Hackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous…
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
New research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The rogue domain…
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor…