no alarms and no surprises please..

Weaponized DMG Files Deliver macOS Infostealer Malware A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are… Delivered by PolitePaul service Go to gbhackers.com

BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in… Delivered by PolitePaul service Go to gbhackers.com

Hackers Use Residential Proxies Networks to Evade Detection The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer… Delivered by PolitePaul service Go to gbhackers.com

Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of… Delivered by PolitePaul service Go to gbhackers.com

Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in… Delivered by PolitePaul service Go to gbhackers.com

CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code through… Delivered by PolitePaul service Go to gbhackers.com

Tax Phishing Emails Deliver In-Memory Malware to Windows Systems Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when… Delivered by PolitePaul service Go to gbhackers.com

Malicious npm Package ‘dbmux’ Targets Developers Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2)… Delivered by PolitePaul service Go to gbhackers.com

Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s core disk… Delivered by PolitePaul service Go to gbhackers.com

Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows… Delivered by PolitePaul service Go to gbhackers.com

Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication… Delivered by PolitePaul service Go to gbhackers.com

Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with… Delivered by PolitePaul service Go to gbhackers.com

Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the… Delivered by PolitePaul service Go to gbhackers.com

Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026 In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of… Delivered by PolitePaul service Go to gbhackers.com

WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against… Delivered by PolitePaul service Go to gbhackers.com

Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that… Delivered by PolitePaul service Go to gbhackers.com

China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512… Delivered by PolitePaul service Go to gbhackers.com

Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is… Delivered by PolitePaul service Go to gbhackers.com

Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF)… Delivered by PolitePaul service Go to gbhackers.com

Instagram Patches Account Recovery Flaw Leaking User Contact Information A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta… Delivered by PolitePaul service Go to gbhackers.com