XWorm, a multi-functional .NET‑based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Alerts Users to Notepad++ Flaw Allowing Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the popular Notepad++ text editor to its Known Exploited Vulnerabilities catalog, warning users of a flaw that could allow attackers to execute malicious code on affected systems.…
CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its Known Exploited Vulnerabilities (KEV) catalogue. The threat actors are actively exploiting the flaw in the wild. The addition signals immediate…
OysterLoader Evasion Tactics Exposed: Advanced Obfuscation and Rhysida Ransomware Ties Uncovered
OysterLoader, also tracked as Broomstick and CleanUp, is a multi‑stage loader malware written in C++ and actively leveraged in campaigns linked to the Rhysida ransomware group. First highlighted in mid‑2024 during malvertising and SEO‑poisoning campaigns abusing trojanized installers for popular…
next-mdx-remote Vulnerability Allows Arbitrary Code Execution in React SSR
A security vulnerability has been discovered in next-mdx-remote, a popular TypeScript library used for rendering MDX content in React applications. The flaw, tracked as CVE-2026-0969 and identified by researchers at Sejong University, enables attackers to execute arbitrary code on servers…
AI-Driven Phishing and QR Code Quishing Surge in 2025 Spam and Phishing Report
The 2025 spam and phishing landscape shows a sharp rise in AI-generated lures and QR code–based “quishing,” alongside complex malware campaigns abusing cracked games and software to deliver information stealers at scale. These trends highlight how social engineering and multi‑stage…
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer
A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer…
Zimbra Issues Security Update to Address XSS, XXE, and LDAP Injection Flaws
Zimbra has officially released a critical security update, version 10.1.16, addressing multiple high-severity vulnerabilities that could compromise email infrastructure and user data. The company has classified this patch with a “High” security severity rating, urging administrators to prioritize the upgrade…
BADIIS Malware Targets Over 1,800 Windows Servers in Massive SEO Poisoning Attack
Over 1,800 Windows IIS servers worldwide have been compromised in a large-scale search engine optimization (SEO) poisoning campaign driven by the BADIIS malware, a malicious IIS module used to hijack legitimate web traffic. The operation, tracked by Elastic Security Labs…
BeyondTrust RCE Vulnerability Under Active Exploitation – Urgent Patch Released
BeyondTrust has urgently released security updates to address a critical remote code execution (RCE) vulnerability affecting its widely used Remote Support (RS) and Privileged Remote Access (PRA) products. Designated as CVE-2026-1731, this severe flaw carries a near-maximum CVSS v4 score…
287 Malicious Chrome Extensions Steal Browsing Data from 37.4 Million Users
A new security investigation has uncovered 287 Chrome extensions that appear to secretly send users’ browsing data to remote servers, impacting an estimated 37.4 million installs. That is roughly 1%1% of the global Chrome user base, based on the researchers’ estimate. The researchers built…
ORB Networks Leverages Compromised IoT Devices and SOHO Routers to Mask Cyberattacks
Operational Relay Box (ORB) networks are covert, mesh-based infrastructures used by advanced threat actors to hide the true origin of their cyberattacks. Built from compromised Internet-of-Things (IoT) devices, Small Office/Home Office (SOHO) routers, and rented Virtual Private Servers (VPS), these…
DragonForce Ransomware Group Targets 363 Companies, Expands Cartel-Like Operations Since 2023
DragonForce is a ransomware group that has rapidly evolved into a cartel-style operation, extending its reach across the cybercrime ecosystem since late 2023. Operating under a Ransomware-as-a-Service (RaaS) model, the group now positions itself not just as a single gang,…
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware
A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the…
$44 Evilmouse Malware Grants Attackers Full Control of Systems Upon Connection
A new hardware-based threat has emerged that disguises malicious code execution capabilities inside an ordinary computer mouse. Dubbed “EvilMouse,” this covert keystroke injector demonstrates how everyday peripherals can become powerful attack tools for just $44 in parts. EvilMouse operates similarly…
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Feiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small‑business storage into infrastructure for DDoS attacks. The malware opens an HTTP backdoor on port 57132, letting attackers…
Rogue VM Linked to Muddled Libra in VMware vSphere Attack, Exposing Critical TTPs
The cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. This single VM acted as the attackers’ beachhead, revealing…
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks
HPE Aruba Networking has issued a critical security advisory addressing multiple vulnerabilities in its Private 5G Core Platform that could allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system information. The flaws, tracked as CVE-2026-23595, CVE-2026-23596,…
Chrome Security Update Released to Address Code Execution Vulnerabilities
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will roll out…
Palo Alto Networks Firewall Vulnerability Lets Attackers Trigger Reboot Loops
Palo Alto Networks has disclosed a PAN-OS firewall vulnerability that can let remote attackers force repeated reboots, potentially pushing a device into a “reboot loop” that ends in maintenance mode. Tracked as CVE-2026-0229, the issue sits in the Advanced DNS…