Hackers are weaponizing malicious Minecraft Fabric mods to deliver LoaderClient. This stage-one malware loader steals session data and hands it off to the WeedHack stealer through a fileless, blockchain-backed execution chain. The campaign stands out for its use of EtherHiding,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Mini Shai-Hulud Worm Poisons LeoPlatform npm Packages to Steal Developer and CI/CD Secrets
A fresh supply-chain wave tied to the Mini Shai-Hulud, Miasma, and Hades malware families is actively poisoning npm packages in the LeoPlatform and RStreams ecosystems and expanding into source-repository compromises. The intrusion blends registry poisoning, install-time execution via binding.gyp, Bun-staged…
Agentic AI Pentesting Platforms Comparison
Agentic AI transforms Penetration Testing from a periodic consulting practice to a continuous validation discipline. While traditional pentests remain relevant, particularly for complex business logic or regulated environments, the rapid evolution of cloud-native systems necessitates more frequent evaluations. Between formal…
LokiBot Malware Uses API Hashing and 3DES-Encrypted C2 to Hide Infostealer Activity
LokiBot, a long-lived infostealer first advertised in May 2015, continues to evolve. Recent samples demonstrate deliberate attempts to evade static detection and frustrate analysis by combining API hashing with 3DES-encrypted command-and-control (C2) configuration stored inside the binary. The result is…
ManageEngine AD360 Integrated Products Hit by Account Takeover Vulnerability
ManageEngine has disclosed a critical account takeover vulnerability, tracked as CVE-2026-11374, affecting various integrated products within its AD360 identity and access management suite. The flaw affects ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus when used with AD360…
Curl 8.21.0 Released With 18 Security Fixes
The curl project has announced the release of version 8.21.0, marking its 275th release and including a significant security update. This version addresses 18 newly disclosed vulnerabilities, reflecting an unusually high volume of security reports. Project maintainer Daniel Stenberg announced…
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its disclosure. This vulnerability allows attackers to execute arbitrary Python code on exposed instances without any authentication.…
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack
A fresh supply-chain wave by the Shai-Hulud/Hades family infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widely used for Kinesis, Firehose, Lambda and S3-based pipelines. The malicious releases were detected shortly after publication and,…
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks
Google has announced a significant enhancement to its AI platform with the release of Gemini 3.5 Flash, which now includes native support for agentic computer use. This new feature enables advanced enterprise automation across web, desktop, and mobile environments. Introduced…
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
A concise but sophisticated phishing campaign targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served an almost identical clone of the AWS console sign-in page and implemented a server-driven flow that…
DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module
The binary tracked as macOS.Gaslight is a Rust-based macOS implant and infostealer whose most novel features are analyst-directed prompt injection and a hardened Telegram-based command-and-control (C2) channel. We assess with high confidence that macOS.Gaslight aligns with DPRK-linked macOS activity clustered…
Google Chrome Update Patches 18 Security Flaws, Including Critical WebGL and Autofill Vulnerabilities
Google has released Chrome version 149.0.7827.196/197 for Windows and macOS, and version 149.0.7827.196 for Linux. This update addresses 18 security vulnerabilities, including several critical memory safety flaws in the WebGL and Autofill components. The announcement was made on June 23,…
Hackers Use Malicious Chrome Extension to Break Out of Browser Sandbox
A sophisticated malware campaign combined a phishing lure, an obfuscated Windows JavaScript dropper, a malicious Google Chrome extension and a Native Messaging Host to effectively break the browser sandbox and execute arbitrary PowerShell commands on infected Windows machines. The…
Microsoft WinRE Vulnerability Allows Hackers to Bypass UEFI/BIOS Password Enforcement
A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exposing systems to unauthorized access even when firmware-level security controls are active. This issue, tracked under CERT/CC VU#226679 and…
Alibaba Accused of Illicitly Accessing Claude AI Models Using 25,000 Fraudulent Accounts
Anthropic has accused the Chinese technology conglomerate Alibaba of orchestrating a large-scale, coordinated operation to extract capabilities from its Claude AI models illegally. The company describes this incident as the largest adversarial distillation attack recorded to date. The allegations, outlined…
OpenClaw Supply Chain Risk Lets Attackers Abuse AI Agent Authority for Unauthorized Actions
OpenClaw’s agentic marketplace, ClawHub, was designed to accelerate AI-driven workflows by letting third-party “skills” extend an AI agent’s capabilities. Those skills are markdown-driven packages with broad local access, and that design choice made ClawHub a critical and sensitive link in…
Cisco Catalyst SD-WAN Manager Zero-Day Exploited to Gain Root Access via Malicious CSV Upload
Cisco Catalyst SD-WAN Manager instances are currently being targeted in a zero-day exploitation campaign that allows attackers to escalate their privileges to root through a malicious CSV upload mechanism. Mandiant reported this information on June 24, 2026. The vulnerability, identified…
Europol Disrupts Cybercrime-as-a-Service Networks Used for Ransomware and Financial Fraud
Europol, in collaboration with global law enforcement agencies and private sector partners, has successfully disrupted a significant cybercrime-as-a-service (CaaS) infrastructure used for ransomware deployment and financial fraud. This effort, part of Operation Endgame, was announced on June 24, 2026, and…
StrikeShark Campaign Uses New SharkLoader Malware to Deploy Cobalt Strike Beacon
During a recent investigation into activity affecting a diplomatic mission in Indonesia, researchers uncovered a previously undocumented loader family they named SharkLoader. What began as an isolated incident rapidly expanded into a multi-country campaign tracked as StrikeShark where SharkLoader consistently…
Agentic Red-Team Tools Flaws Let Hackers Steal API Keys, Escape Sandboxes, and Compromise Hosts
Agentic red-team tools designed for autonomous offensive security operations are themselves vulnerable, allowing attackers to steal API keys, weaponize the agents, escape sandboxes, and fully compromise the hosts that run them. A new academic study by Arxiv presents the first…