XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command‑and‑control (C2) traffic behind layers of e...
GBHackers
20 articles
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, maki...
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific A...
Dutch Finance Ministry Responds to Cyberattack by Taking Systems Offline
The Dutch Ministry of Finance is actively managing a significant cybersecurity incident after discovering unauthorized access to its internal Information and...
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over ...
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network G...
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than t...
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to ...
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks.
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tool...
CareCloud Data Breach Exposes Patient Data After Hackers Access IT Systems
CareCloud, Inc., a prominent healthcare technology provider, has disclosed a material cybersecurity incident involving unauthorized access to its electronic ...
DeepLoad Malware Uses ClickFix and AI Evasion to Hit Enterprise Networks
New “DeepLoad” malware is turning a single user click into fileless, credential‑stealing persistence inside enterprise networks, leveraging the ClickFix tech...
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this informati...
RoadK1ll Malware Turns Hacked Devices Into Network Relays
Hackers are deploying a new Node. js-based implant dubbed RoadK1ll to quietly turn compromised hosts into on-demand network relays, enabling stealthy pivotin...
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zer...
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A newly emerging malware known as GhostSocks is quietly reshaping how attackers evade detection by converting compromised systems into residential proxy node...
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, ...
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit on an exposed server, revealing victim credentials, ngrok tokens, and a complete pre-encryption playbook....
North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam
A recent investigation as exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted intervie...