Today — 11 December 2025 (Main stream)

New DroidLock Malware Locks Android Devices and Demands Ransom Payment

11 December 2025 at 07:54

The zLabs research team has identified a sophisticated new threat campaign targeting Spanish Android users through a malware strain called DroidLock. Unlike traditional ransomware that encrypts files, this Android-focused threat employs a more direct approach: locking devices with ransomware-style overlays and demanding payment while maintaining complete control over compromised handsets. DroidLock primarily spreads through phishing […]

The post New DroidLock Malware Locks Android Devices and Demands Ransom Payment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New ClickFix Attacks Exploit Official ChatGPT Website to Deliver macOS Infostealer

11 December 2025 at 05:51

Infostealers have become 2025’s fastest-growing cyberthreat, targeting all operating systems and regions with sophisticated social engineering tactics. In a new campaign discovered by Kaspersky experts, attackers are exploiting users’ interest in OpenAI’s Atlas browser by leveraging the official ChatGPT website itself as a hosting platform for malicious installation guides. The attack begins with paid search […]

Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto

11 December 2025 at 04:46

A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting […]

Charming Kitten Leak Reveals Key Operatives, Front Firms, and Massive Global Compromise

11 December 2025 at 03:32

The latest materials from the Charming Kitten network access reveal three significant findings that expand our understanding of Iran’s APT35 cyber operations: complete salary records for operative teams, expanded surveillance platform capabilities, and a classified 2004 document connecting Iran’s obtained IAEA inspection materials to Department 40 assassination targeting. The leaked materials document unprecedented compensation data […]

ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install

11 December 2025 at 02:03

Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and dangerous kernel-mode rootkit capabilities. The research demonstrates how the malware’s developers possess deep expertise in Windows internals and successfully bypass modern security protections on fully updated Windows 11 systems. The […]

New 01Flip Ransomware Targets Both Windows and Linux Systems

11 December 2025 at 01:12

Security researchers at Palo Alto Networks Unit 42 have identified a newly emerging ransomware family, 01flip, that represents a significant shift in malware development tactics. Discovered in June 2025, this sophisticated threat is entirely written in Rust, a modern programming language that enables cross-platform compatibility, and currently targets a limited set of victims across the […]

Security Alert: 19 Fake PNG Extensions Found in VS Code Marketplace

11 December 2025 at 00:21

ReversingLabs (RL) researchers have identified a sophisticated supply chain campaign involving 19 malicious Visual Studio Code (VS Code) extensions. The campaign, which has been active since February 2025 and was uncovered on December 2, 2025, leverages the trust inherent in the developer ecosystem by hiding malware within the dependency folders of otherwise functional extensions. The […]

Yesterday — 10 December 2025 (Main stream)

Threat Actors Exploit ChatGPT and Grok Conversations to Deliver AMOS Stealer

10 December 2025 at 08:25

The cybersecurity landscape has reached a troubling inflection point. On December 5, 2025, Huntress identified a sophisticated campaign deploying the Atomic macOS Stealer (AMOS) through a deceptively simple vector: AI conversations on OpenAI’s ChatGPT and xAI’s Grok platforms, surfaced via SEO manipulation to appear as trusted troubleshooting guides. What makes this campaign particularly dangerous is […]

AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation

10 December 2025 at 07:53

DomainTools Investigations has released critical findings detailing the expansion of a massive malware-delivery network targeting Chinese-speaking users worldwide. The long-running cluster, active since June 2023, has swelled to approximately 5,000 domains, with researchers identifying over 1,900 new domains between May and November 2025 alone. This latest investigation also marks a significant milestone in defensive cybersecurity, […]

High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking

10 December 2025 at 07:11

A critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) enables unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard. The vulnerability, identified as CVE-2025-10573 with a CVSS score of 9.6, affects all versions below EPM 2024 SU4 SR1 and poses an immediate threat to enterprise environments managing […]

Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer

10 December 2025 at 06:38

The indie gaming community faces a new and sophisticated threat. Malicious actors are exploiting itch.io and Patreon to distribute the Lumma Stealer malware disguised as legitimate game updates, targeting unsuspecting gamers through a systematic spam campaign across the platform. Newly created itch.io accounts have been flooding comment sections of legitimate games with templated messages claiming […]

Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat

10 December 2025 at 06:09

Microsoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months. The campaign represents a sophisticated threat that exploits the trust inherent in modern software development workflows by targeting developer environments, CI/CD pipelines, and cloud-connected workloads to harvest sensitive credentials and configuration […]

FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry

10 December 2025 at 05:39

During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker […]

PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling

10 December 2025 at 04:57

Cybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads, including a newly identified backdoor dubbed “PeerBlight” that leverages the BitTorrent DHT network for resilient command-and-control communications. CVE-2025-55182, publicly disclosed on December 3, 2025, is a critical-severity unauthenticated remote code execution vulnerability affecting React Server Components […]

CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide

10 December 2025 at 04:15

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial […]

Before yesterday (Main stream)

Makop Ransomware Targets RDP Systems Using AV Killer and Additional Exploits

9 December 2025 at 08:47

Makop, a ransomware strain derived from Phobos, continues to pose a significant threat by exploiting exposed Remote Desktop Protocol (RDP) systems and integrating new attack components, including antivirus-killer modules and advanced privilege-escalation exploits. Recent investigations by Acronis TRU researchers reveal that Makop operators have evolved their methodology to include multiple evasion techniques and secondary payload […]

Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer

9 December 2025 at 08:23

The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead […]

GOLD BLADE: Custom QWCrypt Locker for Data Exfiltration and Ransomware Deployment

9 December 2025 at 07:58

Between February 2024 and August 2025, security researchers uncovered a significant campaign orchestrated by the GOLD BLADE threat group, previously known as RedCurl, RedWolf, and Earth Kapre. The investigation of nearly 40 intrusions linked to STAC6565 reveals a sophisticated threat actor that has evolved from traditional cyberespionage into a hybrid operation combining data theft with […]

Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities

9 December 2025 at 07:39

Hypervisors, the invisible backbone of modern corporate IT, have become the new primary battleground for ransomware groups. According to new data from Huntress, attacks targeting hypervisors to deploy ransomware have skyrocketed in late 2025. While hypervisors like VMware ESXi and Microsoft Hyper-V power virtually all enterprise virtual machines (VMs), they often lack the security protections […]

New Vishing Attack Exploits Microsoft Teams and QuickAssist to Deploy .NET Malware

9 December 2025 at 07:17

A sophisticated vishing campaign has emerged that combines social engineering with legitimate Microsoft tools to establish command execution chains leading to multi-stage .NET malware deployment. Security researchers have identified an attack flow that begins with impersonated IT personnel contacting victims via Microsoft Teams and culminates in fileless malware execution through memory-based reflection techniques. The infection […]
