A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER. The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government Attacks
A multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads…
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access
Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission…
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
A sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware…
ISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash Services
The Internet Systems Consortium (ISC) has released a critical security advisory addressing a high-severity vulnerability in its Kea DHCP server software. Kea is a modern, high-performance DHCP server widely used by enterprise networks and internet service providers to manage network…
Fake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOS
A newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChain” during threat hunting efforts, the malware’s true identity was confirmed…
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access
A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. Instead of…
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May…
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
A new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to…
VoidLink Rootkit Leverages eBPF and Kernel Modules to Stealthily Infiltrate Linux Systems
VoidLink is a new Linux rootkit family that combines classic kernel modules with eBPF to hide processes and network activity deep inside modern cloud environments. It targets distributions from CentOS 7 up to Ubuntu 22.04, giving attackers a stealthy way…
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least…
CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical code-injection vulnerability in Langflow. Tracked as CVE-2026-33017, this severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following verified evidence…
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers
Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has steadily adopted more…
Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks
NVIDIA has recently published its March 2026 security bulletins, addressing a wave of newly discovered vulnerabilities across its hardware and software ecosystems. The technology giant has urged organizations to immediately evaluate their environments and apply the necessary corrective actions to…
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks
In February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods to exfiltrate sensitive data…
Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2
A fast-evolving information‑stealing malware dubbed “Torg Grabber” that has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API command‑and‑control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 64‑bit sample initially tagged as Vidar was…
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
Fake screenshot links are being used to quietly deploy a multi‑stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT‑Q‑27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET…
IDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized Access
A critical security flaw has been identified in the IDrive Cloud Backup Client for Windows, exposing users to local privilege escalation attacks. Tracked as CVE-2026-1995, this vulnerability allows authenticated, low-privilege attackers to execute arbitrary code with the highest system permissions,…
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billions in fraud losses,…
Kiss Loader Malware Targets with Early Bird APC Injection in New Attack Campaign
A newly identified malware loader dubbed “Kiss Loader” is emerging as a potential threat, leveraging advanced process injection techniques and dynamic delivery infrastructure. The loader, still under active development at the time of discovery, demonstrates a blend of stealth, modular…