A massive international law enforcement operation has successfully dismantled the command and control infrastructure behind four highly destructive Internet of Things (IoT) botnets. These sprawling networks were responsible for launching record-breaking Distributed Denial of Service (DDoS) attacks against global targets,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker Incident
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint management systems. Released on March 18, 2026, the critical warning follows a significant cyberattack against U.S.-based medical technology provider Stryker…
Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign
‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a term popularized in early 2025 to describe programming by prompting…
Claude Vulnerabilities Allow Data Exfiltration and Malicious Redirect Attacks
Security researchers recently uncovered a critical attack chain within Anthropic’s Claude.ai platform. Dubbed “Claudy Day,” this vulnerability sequence allows attackers to silently extract sensitive user data through prompt manipulation and malicious redirects. The exploit requires no external integrations or specialized…
Pyronut Package Backdoors Telegram Bots With RCE
Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system. The malicious package , pyronut , was uploaded to PyPI as a fake alternative…
Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks
Horabot has resurfaced in Mexico with a more complex, multi‑stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm‑style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our…
OpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal Data
A recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan scans reveal over 17,000 active instances…
CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the platform must apply the necessary updates by April…
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026,…
Aura Confirms Data Breach Exposing 900,000 Customer Records
Digital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within…
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The…
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions
ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the company to issue…
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the…
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family.…
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal Data
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 through 18.7 fully. DarkSword is highly unusual because…
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Security research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for…
FancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO Targets
FancyBear’s latest operational security failure has exposed a live Russian espionage server packed with stolen credentials, 2FA secrets, and detailed insight into the ongoing targeting of European government and military networks. The exposed infrastructure, tied to APT28/FancyBear and previously reported…
UIDAI Introduces Bug Bounty Program to Strengthen Aadhaar Defenses
The Unique Identification Authority of India (UIDAI) has officially launched its first structured bug bounty program to fortify the Aadhaar system. As the foundation of a massive national identity database, securing Aadhaar requires continuous innovation and rigorous testing. This new…
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch…
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims per month. However, recent…