Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Okta Under Attack as Hackers Skip Phishing for Identity Systems

Hackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice‑based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization‑wide cloud data…

APT41 Targets Linux Cloud Servers With New Winnti Backdoor

A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a…

Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware

Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi‑stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search‑engine poisoning, trojanized installers, and fileless techniques to stay under the radar while…

Top 10 Best Single Sign-On (SSO) Vendors For Enterprises in 2026

In the fast-evolving digital landscape of 2026, enterprises grapple with an ever-growing number of applications and services. Employees, partners, and customers interact with a multitude of platforms daily, often leading to “password fatigue” a phenomenon where users juggle countless credentials,…

GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing

Hackers are abusing GitHub and Jira’s built‑in notification systems to send phishing emails that appear completely legitimate. Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very…

Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers

Iran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC),…

VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain

Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module…

Apache Tomcat Flaws Enable EncryptInterceptor Bypass

The Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The newly…

WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass

A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability allows remote attackers to gain full administrative…

EDR Killers Broaden Ransomware Tactics, ESET Warns

Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It…

Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader

Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating…