A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
$44 Evilmouse Malware Grants Attackers Full Control of Systems Upon Connection
A new hardware-based threat has emerged that disguises malicious code execution capabilities inside an ordinary computer mouse. Dubbed “EvilMouse,” this covert keystroke injector demonstrates how everyday peripherals can become powerful attack tools for just $44 in parts. EvilMouse operates similarly…
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Feiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small‑business storage into infrastructure for DDoS attacks. The malware opens an HTTP backdoor on port 57132, letting attackers…
Rogue VM Linked to Muddled Libra in VMware vSphere Attack, Exposing Critical TTPs
The cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. This single VM acted as the attackers’ beachhead, revealing…
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks
HPE Aruba Networking has issued a critical security advisory addressing multiple vulnerabilities in its Private 5G Core Platform that could allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system information. The flaws, tracked as CVE-2026-23595, CVE-2026-23596,…
Chrome Security Update Released to Address Code Execution Vulnerabilities
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will roll out…
Palo Alto Networks Firewall Vulnerability Lets Attackers Trigger Reboot Loops
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Advanced DNS…
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks
A critical vulnerability in the popular WPvivid Backup & Migration plugin is putting more than 800,000 WordPress websites at risk of complete takeover through remote code execution (RCE) attacks. Tracked as CVE-2026-1357 and rated 9.8 on the CVSS scale, the…
Malicious ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users
A newly discovered malicious NPM package, dubbed duer-js, is being used to distribute an advanced information‑stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom infostealer calling itself “bada stealer”, and…
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to quietly deliver malware to cryptocurrency‑focused developers. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hide multi‑stage payloads behind seemingly legitimate coding tasks…
Adblock Filters Expose User Location Even With VPN Protection
A new fingerprinting technique called “Adbleed” reveals that VPN users aren’t as anonymous as they think. While VPNs hide your IP address and encrypt traffic, they can’t conceal which country-specific adblock filter lists are installed in your browser and that’s…
Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have…
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
A dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical…
Promptware – Hackers Exploit Google Calendar Invites to Stealthily Stream Victim’s Camera via Zoom
A new era of AI vulnerability has arrived, and it is far more dangerous than simply tricking a chatbot into saying something rude. New research released this week demonstrates how attackers can weaponize everyday tools such as Google Calendar and…
Cybercriminals Exploit Employee Monitoring and SimpleHelp Tools in Ransomware Attacks
Threat actors are abusing legitimate remote monitoring tools to hide inside corporate networks and launch ransomware attacks. Net Monitor for Employees Professional is a commercial workforce monitoring tool by NetworkLookout that offers remote screen viewing, full remote control, file management,…
Apple 0-Day Flaw Actively Exploited in Targeted Cyberattacks on Individuals
Apple has released emergency security updates for iOS and iPadOS to fix a critical “zero-day” vulnerability that hackers are actively using in attacks. The flaw, tracked as CVE-2026-20700, was discovered by Google’s Threat Analysis Group and is described by Apple as…
Microsoft Launches Extended Security Update Program for Windows 10 Users
Microsoft released its latest security update, KB5075912, for Windows 10 on February 10, 2026, providing critical protections for users enrolled in the Extended Security Updates (ESU) program. This update addresses urgent security vulnerabilities and system issues. At the same time,…
VoidLink Framework Introduces On-Demand Tool Generation with Native Windows Plugin Support
A newly exposed malware framework, VoidLink, is reshaping how attackers manage implants across modern cloud and enterprise environments. Cisco Talos has now linked this framework to a threat actor tracked as UAT-9921, highlighting how on-demand compilation, modular plugins, and early…
MSHTML Framework Zero-Day Opens Door to Network-Based Security Bypass
Microsoft has disclosed a new zero-day vulnerability in the MSHTML Framework that allows attackers to bypass security features, posing significant risks to organizations worldwide. Tracked as CVE-2026-21513, this vulnerability was released on February 10, 2026, and has already been exploited…
Microsoft Office Word 0-Day Vulnerability Enables Attackers to Bypass Security Feature
Microsoft has disclosed a zero-day vulnerability in Microsoft Office Word that allows attackers to bypass security protections. Identified as CVE-2026-21514, this security flaw was officially documented on February 10, 2026, and poses significant risks to users worldwide. Vulnerability Overview CVE-2026-21514 is…