Tag: gbhackers
-
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbed Amaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast… Go to gbhackers.com
-
APT28 Hackers Exploit Microsoft Office Vulnerability to Target Government Agencies
Russian state-sponsored hackers, known as APT28 or Fancy Bear, have launched a new wave of cyberattacks targeting government and military organizations across Europe. This…
-
Weaponized Voicemail Hack Allows Remote Access to Systems, Experts Warn
A sophisticated social engineering campaign that weaponizes fake voicemail notifications to trick victims into installing remote access tools. The attack begins when victims receive…
-
Go 1.25.7 and Go 1.24.13 Released With Patches for Multiple Security Vulnerabilities
The Go team has officially released versions 1.25.7 and 1.24.13. These minor point releases address two distinct security vulnerabilities affecting the cmd/cgo command and the crypto/tls library. The updates are recommended…
-
Interlock Ransomware Exploits Zero-Day in Gaming Anti-Cheat Driver to Disable EDR, AV
Interlock ransomware operators have been observed using a new process‑killing tool that abuses a zero‑day flaw in a gaming anti‑cheat kernel driver to try…
-
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to…
-
Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments
Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database,…
-
CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its…
-
Supply Chain Attack Exploits Notepad++ Update Mechanism to Push Targeted Malware
Notepad++, a widely used text editor among developers, became the target of a sophisticated supply chain attack that compromised its update infrastructure for nearly…
-
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns
Hundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors…
-
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat…
-
Mozilla Introduces Global Kill Switch for Firefox AI Capabilities
Mozilla has rolled out comprehensive AI controls in Firefox 148, launching February 24, 2026, allowing users to globally disable all generative AI features across…
-
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign…
-
Malicious Google Play App With 50K+ Downloads Spreads Anatsa Banking Trojan
A malicious application on the Google Play Store masquerading as a legitimate document reader. The deceptive application, which has accumulated over 50,000 downloads, functions…
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been…
-
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security…
-
ShadowHS: New Stealthy Fileless Linux Malware Spreads Automatically
A sophisticated fileless Linux malware framework, ShadowHS, that represents a significant evolution in post-exploitation tooling. Unlike traditional malware binaries, ShadowHS operates entirely in memory…
-
Windows 11 Introduces New Feature to Block Unauthorized Access to System Files
Microsoft has released KB5074105, a critical preview update for Windows 11 versions 25H2 and 24H2 (OS Builds 26200.7705 and 26100.7705), introducing enhanced security mechanisms…
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the “castle and moat” security model is obsolete. The most effective way to…
-
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive,…
-
Metasploit Update Introduces 7 Exploit Modules Affecting Popular Enterprise Platforms
A significant Metasploit Framework update (version 6.4.111) featuring seven new exploit modules that target critical vulnerabilities across widely deployed enterprise systems. This release demonstrates…
-
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers…
-
Over 200 Magento Stores Compromised In Rootkit Rampage via Zero-Day Exploit
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving…
-
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure…
-
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data
A sneaky Android spyware called GhostChat, which tricks Pakistan-based users with romance scams via WhatsApp. The malware grabs sensitive data like contacts, photos, and files…
-
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged…
-
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and…
-
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This…
-
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent…
-
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently…
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure…
-
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking…
-
eSkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with…
-
Gemini MCP Tool 0-Day Vulnerability Exposes Systems to Remote Code Execution
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without…
-
Cybercriminals Leverage AI-Generated Malicious Job Offers to Spread PureRAT Malware
A Vietnamese threat actor is using AI-authored code to power a phishing campaign that delivers the PureRAT malware and related payloads, leveraging realistic job-themed…
-
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
A critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers…
-
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack…
-
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally…
-
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster…
-
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A…
-
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full…
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The…
-
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over…
-
Instagram Investigates Reported Vulnerability Allowing Access to Private Content
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and…
-
New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL
A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers…
-
Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks
Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect…
-
Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development
Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development…
-
Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data
Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case…
-
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security…
-
Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public
The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The…
-
Top 10 World’s Best Data Security Companies in 2026
In 2026, data has become the most valuable asset for businesses and the most targeted. With rising ransomware attacks, insider threats, AI-driven breaches, and…
-
Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two…
-
TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21,…
-
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware
Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate…
-
20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access
A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations…
-
Pwn2Own Automotive 2026: Researchers Score $516,500 For 37 Unique Zero-Days
Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on…
-
New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks
A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016…
-
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw…
-
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released…
-
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning…
-
Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access
Cisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified…
-
New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions
A sophisticated ClickFix campaign targeting Facebook users has been identified, leveraging social engineering to extract live session credentials directly from victims’ browsers. Unlike traditional…
-
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users
A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most…
-
New Multi-Stage Windows Malware Disables Microsoft Defender, Deploys Malicious Payloads
A sophisticated multi-stage malware campaign targeting Russian users, leveraging social engineering, legitimate cloud services, and native Windows functionality to achieve full system compromise without…
-
New AI-Powered Android Malware Automatically Clicks Ads on Infected Devices
A sophisticated new Android malware family dubbed “Android.Phantom” that leverages artificial intelligence to automate ad-clicking fraud while establishing a persistent command-and-control infrastructure through dual-mode…
-
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems
The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in…
-
Chrome 144 Released to Fix High-Severity V8 JavaScript Engine Flaw
Google has released Chrome version 144.0.7559.96/.97 to the stable channel across Windows, Mac, and Linux platforms, addressing a critical race condition vulnerability in the…
-
Azure Private Endpoint Deployments Expose Cloud Resources to DoS Attacks
A critical architectural weakness in Azure’s Private Endpoint deployments could allow both accidental and intentional denial of service (DoS) attacks against cloud resources. The…
-
Everest Ransomware Group Allegedly Claims Breach of McDonald’s India Systems
The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive corporate and customer data…
-
Threat Actors Exploit LinkedIn for RAT Delivery in Enterprise Networks
A sophisticated phishing campaign exploiting LinkedIn private messages has been identified, delivering remote access trojans (RATs) through a combination of DLL sideloading techniques and…
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate…
-
Redmi Buds Vulnerability Could Allow Call Data Theft and Firmware Instability
Xiaomi’s Redmi Buds series faces critical security flaws that enable attackers to steal sensitive call data and crash devices without authentication. Two newly disclosed…
-
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five…
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat…
-
Mandiant Publishes Rainbow Tables That Crack NTLMv1 Admin Passwords
Mandiant has publicly released comprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite…
-
Google Vertex AI Flaw Lets Low-Privilege Users Escalate to Service Agent Roles
Security researchers have discovered critical privilege escalation vulnerabilities in Google’s Vertex AI platform that allow attackers with minimal permissions to hijack high-privileged Service Agent…
-
Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover
Security researchers have uncovered two critical cross-site scripting (XSS) vulnerabilities in Meta’s Conversions API Gateway that could enable attackers to hijack Facebook accounts on…
-
Researchers Breach StealC Infrastructure, Access Malware Control Panels
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. Security researchers recently demonstrated this vulnerability by…
-
Windows 11 January Update Sparks Widespread Shutdown Complaints
Microsoft’s latest security update for Windows 11 has triggered an unexpected problem affecting enterprise users: PCs equipped with Secure Launch are unable to shut…
-
AWS Console Supply Chain Breach Enables GitHub Repository Hijacking
A newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered…
-
Zero-Click Exploit Chain Discovered Targeting Google Pixel 9 Devices
Security researchers at Google Project Zero have disclosed a complete zero-click exploit chain affecting Google Pixel 9 smartphones, chaining vulnerabilities in the Dolby audio…
-
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Center’s Azure AD Single Sign-On implementation that enables attackers with local…
-
Promptware Kill Chain – Five-step Kill Chain Model For Analyzing Cyberthreats
Promptware Kill Chain is a new five-step model that explains how attacks against AI systems powered by large language models (LLMs) behave more like…
-
Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack Any User Account
A newly disclosed critical vulnerability in Cal.com, an open-source scheduling and booking platform, could allow attackers to bypass authentication and gain full access to any user…
-
DragonForce Ransomware Breakdown and Decryptor for ESXi & Windows
Security researchers have published an in‑depth technical analysis of the DragonForce ransomware operation, along with details of working decryptors for both Windows and ESXi…
-
North Korean Hackers Exploit Code Repositories in “Contagious Interview” Campaign
A newly documented campaign dubbed “Contagious Interview” shows North Korean threat actors weaponising developer tooling and code-repository workflows to steal credentials, cryptocurrency wallets and…
-
Betterment Confirms Unauthorised Access to Its Internal Systems
Digital investment advisor Betterment has confirmed that unauthorized individuals gained access to its internal systems in a recent security breach. The compromise allowed attackers to…
-
Android Users Hit by Volume Button Bug Linked to Select to Speak
Google has confirmed a critical bug affecting Android devices where volume buttons malfunction when the Select to Speak accessibility feature is enabled. The issue…
-
Spring CLI Vulnerability Allows Attackers to Execute Commands on User Systems
A command-injection vulnerability in the Spring CLI VSCode extension allows attackers to execute arbitrary commands on affected user machines. The vulnerability, tracked as CVE-2026-22718, affects all versions of the extension through…
-
LLMs Supercharge Ransomware Speed, Scale, and Global Reach
Large language models are not fundamentally transforming ransomware operations. However, they are dramatically accelerating the threat landscape through measurable gains in speed, volume, and…
-
CastleLoader Malware Targets U.S. Government Agencies
Security researchers are sounding the alarm over CastleLoader, a stealthy first-stage malware loader now implicated in campaigns targeting US-based government entities and multiple high-value…
-
Google Releases Chrome 144, Fixing 10 V8 Engine Vulnerabilities
Google has launched Chrome 144 for desktop platforms, addressing ten security vulnerabilities including multiple high-severity flaws in the V8 JavaScript engine. The stable channel…
-
VVS Stealer Targeting Discord Users for Credential Theft
Discord users face an emerging threat from VVS stealer. This Python-based malware campaign demonstrates the sophistication malware authors achieve when combining obfuscation frameworks with…
-
Charity-Themed Malware Used by Threat Actors to Target Ukraine’s Defense Forces
Ukrainian cybersecurity authorities have uncovered a sustained, targeted campaign against Ukraine’s defense forces, orchestrated by Russian-affiliated threat actors that disguise malware distribution as charitable…
-
Cybercriminal Crypto Transactions Surge to 2025 High
Illicit cryptocurrency transactions reached unprecedented levels in 2025 as nation-states weaponized digital assets to evade sanctions, transforming the cybercrime landscape into a geopolitical battleground…
-
Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data
A newly disclosed vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial‑of‑service and server‑side request forgery…
-
ValleyRAT_S2: Stealth Intrusions Aimed at Financial Data Exfiltration
A sophisticated second-stage malware payload known as ValleyRAT_S2 has emerged as a critical threat to organizations across Chinese-speaking regions, including mainland China, Hong Kong,…
-
Critical React Router Flaws Could Let Attackers Access or Modify Server Files
A critical vulnerability has been discovered in React Router and Remix that could allow attackers to access or modify sensitive files on web servers. The flaw…