
Security researchers discovered a malicious Go module, github.com/xinfeisoft/crypto, that masquerades as the legitimate golang.org/x/crypto library. The backdoored ReadPassword function captures plaintext credentials, writes them to /usr/share/nano/.lock, and exfiltrates them via a dynamically supplied GitHub Raw URL. After exfiltration, the module pulls and runs a shell script that adds an attacker‑controlled SSH key, relaxes iptables, and installs the Rekoobe Linux backdoor. Although Go proxies now block the package, any environments that previously vendored or cached it remain exposed.

Defused Cyber uncovered a credential‑stuffing campaign that uses passwords harvested by Infostealers to brute‑force corporate SSO gateways, notably targeting F5 BIG‑IP devices. Analysis of 70 credential pairs showed 77 % originated from known Infostealer infections, confirming a direct supply chain from malware‑infected employee...

Agent Tesla’s newest campaign leverages a multi‑stage, fileless delivery chain that begins with a phishing email containing a RAR‑packed JSE loader. The loader fetches an AES‑encrypted PowerShell script, which executes entirely in memory and uses process hollowing to inject malicious...

ResidentBat is a custom Android spyware implant deployed by the Belarusian KGB to turn seized smartphones into persistent surveillance tools. The malware is sideloaded via Android Debug Bridge after physical access, granting extensive data collection and remote‑wipe capabilities. First disclosed...

Threat actors leveraged the critical Apache ActiveMQ flaw CVE‑2023‑46604 to achieve remote code execution, download a Metasploit stager via CertUtil, and gain SYSTEM privileges on a Windows host. After dumping LSASS credentials, they moved laterally using a harvested domain‑admin account,...

Security researchers have identified a new OAuth consent attack vector in Microsoft Entra ID where a legitimate service principal such as ChatGPT is granted high‑risk Graph permissions like Mail.Read. By tricking users into approving a consent screen, attackers obtain persistent...

Microsoft Defender has identified a coordinated campaign that weaponizes seemingly legitimate Next.js repositories to compromise developers. The malicious projects, often presented as interview assessments, exploit Visual Studio Code workspace automation, build‑time scripts, and server startup routines to fetch and execute...
A coordinated supply‑chain campaign published four malicious NuGet packages between August 2024, amassing over 4,500 downloads before removal. The lead package, NCryptYo, typosquats the legitimate NCrypto library and installs JIT hooks that drop a hidden payload establishing a localhost proxy....

ZeroDayRAT, a Malware‑as‑a‑Service kit, now targets both Android and iOS devices, merging real‑time surveillance with direct financial theft through a browser‑based control panel. The service is marketed on Telegram, with subscriptions ranging from $250 per day to $3,500 per month,...

A critical remote code execution vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization with the Ruby Oj library. The flaw allows attackers to craft malicious JSON that triggers object injection, instantiating a Node class whose...

Security researchers have disclosed CVE‑2026‑0714, a high‑severity flaw in Moxa’s UC‑1222A Secure Edition industrial computer. The vulnerability allows an attacker with physical access to the SPI bus to sniff the TPM2_NV_Read command and capture the LUKS full‑disk encryption key in...

A cache‑deception flaw was found in SvelteKit applications deployed on Vercel, where the `__pathname` query parameter can override request paths and cause private API responses to be cached as public assets. The vulnerability affects any route under `/_app/immutable/`, which Vercel...

Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...

CharlieKirk Grabber is a new Python‑based Windows infostealer first seen in February 2026. It rapidly harvests credentials from Chromium and Firefox browsers, Wi‑Fi profiles, Discord tokens, and gaming sessions, then packages the data into a ZIP archive for exfiltration via...