Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The “ClickFix” tactic, which typically tricks users into copying and pasting malicious scripts to “fix” a fake browser error, has undergone significant evolution.…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Hide Malware in Emoji-Based Code to Bypass Security Defenses
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-looking characters into stealth carriers for commands, data, and…
Stealthy Crypto-Mining Malware Jumps Air-Gaps, Spreads via External Drives
Cryptojacking, the unauthorized use of a victim’s computing resources to mine cryptocurrency, has transitioned from a browser-based nuisance (typified by Coinhive scripts) to a system-level threat utilizing advanced malware techniques. The infection chain starts with a familiar lure: cracked “premium”…
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
OpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability…
New Threat Emerges as Attackers Leverage Grok and Copilot to Evade Security Monitoring
Researchers at Check Point Research (CPR) have uncovered a novel technique where cybercriminals utilize popular AI platforms like Grok and Microsoft Copilot to orchestrate covert attacks. This method transforms benign AI web services into proxies for Command and Control (C2)…
Researchers Expose DigitStealer C2 Infrastructure Targeting macOS Users
DigitStealer’s expanding command-and-control (C2) footprint is exposing more of its backend than its operators likely intended, giving defenders fresh opportunities to track and block new infrastructure linked to the macOS‑targeting infostealer. Unlike many popular stealers, it does not expose a…
Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails Through AI Summaries
A security flaw in Microsoft 365 Copilot is currently causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, essentially bypassing configured Data Loss Prevention (DLP) policies. This vulnerability exposes potentially sensitive organizational data to unauthorized…
Critical MCP Server Enables Arbitrary Code Execution and Sensitive Data Exfiltration
MCP servers can silently turn AI assistants into powerful attack platforms, enabling arbitrary code execution, large‑scale data exfiltration, and stealthy user manipulation across both local machines and cloud environments. New research and recent real‑world incidents show that this emerging ecosystem…
OpenClaw AI Framework v2026.2.17 Adds Anthropic Model Support Amid Credential Theft Bug Concerns
OpenClaw, the open-source autonomous AI assistant that has gained widespread adoption in early 2026, released version v2026.2.17 on February 17, 2026, introducing support for Anthropic’s latest Claude Sonnet 4.6 model. The release comes amid growing security concerns after researchers documented…
Cryptocurrency Scams in Asia Combine Malvertising and Pig Butchering, Causing Losses Up to ¥10 Million
A rising wave of cryptocurrency scams sweeping across Asia is blending two major fraud techniques malvertising and pig butchering to create a more deceptive and scalable attack model. The scams begin with malvertising, where attackers run ads impersonating well‑known financial experts or promoting…
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise‑wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side‑loading, and dual malware families…
ClawHavoc Infects OpenClaw’s ClawHub with 1,184 Malicious Skills, Exposing Data Theft Risks
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecosystems can become high-value malware distribution channels when plugins…
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rely on users…
Palo Alto Networks to Acquire Koi Security for Enhanced Agentic Endpoint Security
Palo Alto Networks announced on February 17, 2026, that it has entered a definitive agreement to acquire Koi Security, a pioneer in Agentic Endpoint Security. The acquisition aims to address a critical security gap created by AI agents and tools…
Malware Campaign Targets Crypto Users with Fake MetaMask Wallet and Remote Access Backdoor
An aggressive malware campaign targeting IT professionals in cryptocurrency, Web3, and AI to steal sensitive data and live crypto funds from victim wallets. The attackers pose as recruiters and use trojanized coding tasks to deliver two core malware families, BeaverTail…
CISA Flags Actively Exploited Windows Video ActiveX Control RCE in KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This specific security flaw, identified as CVE-2008-0015, impacts the Windows Video ActiveX Control and allows for remote…
New SysUpdate Variant Malware Discovered, Decryption Tool for Linux C2 Traffic Released
A new Linux malware sample that strongly aligns with the SysUpdate malware family used by APT27/Iron Tiger. Initially detected on a client’s system, the binary behaved like a system service and executed the GNU/Linux id command when run without specific arguments, returning…
MetaMask Users Targeted by Phishing Emails with Fake Security Report to Bypass Detection
A new phishing campaign is targeting MetaMask users with cleverly crafted emails designed to trick recipients into enabling a fake Two-Factor Authentication (2FA) setup. The lure includes a forged “security report” PDF meant to mimic a legitimate notification about unusual…
Foxveil Malware Loader Uses Cloudflare, Netlify, and Discord to Bypass Detection
A new malware loader, dubbed Foxveil, that abuses trusted platforms such as Cloudflare Pages, Netlify, and Discord to stage and deliver malicious payloads while evading traditional detection methods. Active since at least August 2025, the loader is used as an…