In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New “Punishing Owl” Hacker Group Targets Networks Linked to Russian Security Agency
A previously unknown threat actor calling itself Punishing Owl has claimed responsibility for breaching a Russian government security agency, marking the emergence of what cybersecurity researchers believe is a new politically motivated hacktivist collective. The attack demonstrated sophisticated operational security…
Russian Hacker Alliance Launches Large-Scale Cyberattack Targeting Denmark
A pro-Russian hacker alliance calling itself “Russian Legion” has issued direct threats against Denmark, warning of large-scale cyberattacks linked to the country’s planned military support to Ukraine. The campaign appears designed to combine disruptive cyber activity with psychological pressure on…
Over 21,000 OpenClaw AI Instances Leak Personal Configuration Data
The open-source AI assistant OpenClaw experienced explosive growth, expanding from approximately 1,000 active instances to over 21,000 in just seven days. Created by Austrian developer Peter Steinberger, the personal AI assistant integrates with email, calendars, smart-home systems, and food-delivery services,…
DynoWiper Malware Targets Energy Firms in Destructive Data-Wiping Attacks
A new data-wiping malware dubbed DynoWiper, deployed against an energy company in Poland in late December 2025. The malware’s tactics, techniques, and procedures closely mirror those observed in earlier ZOV wiper incidents in Ukraine, prompting ESET to attribute DynoWiper to…
Coordinated Cyberattacks Hit 30 Wind and Solar Farms Across Poland
On December 29, 2025, Poland experienced a significant escalation in coordinated cyberattacks targeting critical energy infrastructure. More than 30 wind and photovoltaic farms, a manufacturing company, and a large combined heat and power plant supplying heating to approximately 500,000 customers…
Windows 11 Introduces New Feature to Block Unauthorized Access to System Files
Microsoft has released KB5074105, a critical preview update for Windows 11 versions 25H2 and 24H2 (OS Builds 26200.7705 and 26100.7705), introducing enhanced security mechanisms to prevent unauthorised access to sensitive system files. This non-security update significantly improves the operating system’s…
ShadowHS: New Stealthy Fileless Linux Malware Spreads Automatically
A sophisticated fileless Linux malware framework, ShadowHS, that represents a significant evolution in post-exploitation tooling. Unlike traditional malware binaries, ShadowHS operates entirely in memory and demonstrates advanced operator-driven capabilities designed specifically for long-term persistence in defended enterprise environments. ShadowHS is…
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts have attributed the attack to a Chinese state-backed group based on the highly selective targeting…
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and…
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and…
Best E-Signature Solutions For Secure Digital Signing In 2026
As digital transactions become the backbone of modern business, secure electronic signatures are no longer optional. In 2026, organizations face increasing risks related to document fraud, identity theft, and regulatory violations. Choosing the right e-signature solution is now a cybersecurity…
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the “castle and moat” security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools…
Metasploit Update Introduces 7 Exploit Modules Affecting Popular Enterprise Platforms
A significant Metasploit Framework update (version 6.4.111) featuring seven new exploit modules that target critical vulnerabilities across widely deployed enterprise systems. This release demonstrates the increasing sophistication of attack chains leveraging authentication bypass vulnerabilities chained with subsequent code execution techniques.…
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-0921, carries a CVSS score of 6.5 (Medium severity)…
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to…
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files from victims’ devices. Threat actors pose as dating apps to hook targets. GhostChat mimics a…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid…
Over 200 Magento Stores Compromised In Rootkit Rampage via Zero-Day Exploit
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving the way for session hijacking and full server takeovers. Researchers uncovered multiple intrusion campaigns hitting…
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent…