The Python-based remote access trojan ModeloRAT and a newly observed stealth backdoor, dubbed Backdoor.Mistic, to activity consistent with an initial access broker (IAB) operation that facilitates ransomware deployments. Mistic was first seen in April 2026 and publicized by Zscaler as MLTBackdoor…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Android Malware Campaign Uses Fake Document Reader App with 100K Google Play Downloads
Android Malware Campaign Uses Fake Document Reader App with 100K Google Play Downloads tracks a fresh Anatsa campaign that abused trust in a seemingly useful document-reader app to reach a large install base before its payload was activated. The malicious…
Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories. However, it did not compromise customer production systems or the Grafana Cloud platform. This disclosure follows…
Hackers Use Microsoft Teams-Themed Lures to Deploy Legitimate Remote Access Software
An active phishing campaign that impersonates Microsoft Teams to trick victims into downloading a legitimately signed remote access tool (RAT) preconfigured for unauthorized access. Attackers deliver Teams-themed lures: notifications about meeting transcripts, missed recordings, or “download transcript” prompts linking to…
Payouts King Initial Access Broker Deploys Edgecution Malware Through Malicious Edge Extension
A concerted campaign by an initial access broker with ties to the Payouts King ransomware ecosystem that leverages a novel browser-based delivery technique to establish persistent host-level control. The actor deploys a malicious Microsoft Edge extension dubbed “Edgecution” which abuses…
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp operation. This vulnerability poses risks to organisations that have not yet deployed the security updates from…
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes
A newly released AI model, Claude Fable 5, has made a significant advancement in autonomous systems programming by generating a bootable Windows NT-style kernel in Rust in just 38 minutes. The project, titled ntoskrnl-rs, began as an empty repository and…
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target and potentially compromise root users. This vulnerability, tracked as CVE-2026-22678, affects Webmin versions before 2.641 and…
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability could enable unauthenticated remote attackers to write files to the underlying…
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload. The threat actors hosted a fake tax-assessment portal on harivo[.]vip and used social-engineering lures: official branding,…
Hackers Abuse UI Spoofing and Hidden iFrames to Push Malicious Installer Downloads
A sophisticated Browser-in-the-Browser (BitB) campaign that combines UI spoofing, concealed iframes and multiple anti-analysis checks to coerce victims into manually installing malware. The operation uses highly convincing fake browser windows layered over legitimate pages to simulate stalled document loads and…
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID…
Samsung KNOX Kernel Flaw Exposes Galaxy Devices to Memory Corruption Attacks
Samsung has addressed a critical kernel vulnerability in its KNOX security framework that puts millions of Galaxy devices at risk of memory-corruption attacks, potentially allowing full device compromise. This issue, tracked as CVE-2026-20971, was discovered by LucidBit Labs and affects…
GTA 6 Early Access Scam Uses Fake VIP Pages to Steal Cryptocurrency Payments
A fresh wave of scam websites is exploiting the fevered anticipation for Grand Theft Auto VI, offering “VIP early access” in exchange for cryptocurrency payments and delivering nothing in return. These pages are carefully designed to look legitimate: neon Vice…
Bajaj Auto Discloses Ransomware Cyberattack Impacting Company and Technology Unit
Bajaj Auto has reported a ransomware attack that affected its internal systems and those of its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL). This incident highlights the growing threat of cyberattacks targeting major manufacturing and automotive organizations. The attack…
CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the increasing risk to both enterprise and small-office network environments that rely on this…
Anthropic Launches Claude Tag AI Agent for Slack to Automate Enterprise Team Workflows
Anthropic has launched “Claude Tag,” a new AI agent capability designed to integrate seamlessly into Slack and automate workflows for enterprise teams. This announcement, made on June 23, 2026, signifies a growing synergy between collaborative platforms and autonomous AI systems.…
Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT
A sophisticated campaign by the actor tracked as “Dropping Elephant” that uses a China-themed decoy document and a heavily reworked, in-memory remote access trojan (RAT). The intrusion chain combines classic living-off-the-land techniques with modern in-memory execution: an LNK shortcut spawns…
Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation
The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero-day vulnerabilities, and urged organizations to act immediately. In a statement released on June 22, 2026,…
LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens
A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred after attackers compromised OAuth tokens associated with enterprise integrations. This incident, disclosed by LastPass, underscores the ongoing risks…