
Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability

23 January 2026 at 08:44

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities, CVE-2025-59718 and CVE-2025-59719, discovered during internal code audits in December 2025, with exploitation attempts now documented in customer environments. The vulnerabilities stem from improper verification of cryptographic signatures in FortiCloud […]

The post Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

23 January 2026 at 08:03

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial, something millions […]

20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access

23 January 2026 at 07:30

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict […]

Threat Actors Exploit LNK Files to Deploy MoonPeak Malware on Windows Systems

23 January 2026 at 06:29

A sophisticated three-stage malware campaign is targeting Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practical Trading Core Secret Book”), specifically crafted to target South Korean investors seeking financial guidance. This social engineering approach exploits users’ trust […]

MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

23 January 2026 at 05:50

A sophisticated macOS infostealer campaign leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf, a domain spoofing official Microsoft […]

New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks

22 January 2026 at 08:28

A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat with no connection to its predecessor. However, evidence suggests potential links to threat actors previously associated with Inc ransomware […]

PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments

22 January 2026 at 07:59

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time. […]

Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

22 January 2026 at 07:29

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously […]

JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure

22 January 2026 at 07:02

JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about JA3’s relevance, fueled by frozen public databases and inconsistent threat intelligence updates, the indicator remains a powerful asset for SOC and threat hunting teams. […]

New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions

22 January 2026 at 03:04

A sophisticated ClickFix campaign targeting Facebook users has been identified, leveraging social engineering to extract live session credentials directly from victims’ browsers. Unlike traditional phishing exploits that rely on software vulnerabilities, this campaign walks victims through a guided credential-harvesting process disguised as account verification. Researchers identified 115 webpages across the attack chain and eight distinct […]

Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

22 January 2026 at 01:45

A dangerous supply-chain attack targeting the Python Package Index (PyPI) involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project […]

New Multi-Stage Windows Malware Disables Microsoft Defender, Deploys Malicious Payloads

22 January 2026 at 01:26

A sophisticated multi-stage malware campaign is targeting Russian users, leveraging social engineering, legitimate cloud services, and native Windows functionality to achieve full system compromise without exploiting vulnerabilities. The campaign begins with deceptively crafted business-themed documents delivered via compressed archives. Victims receive Russian-language files that appear to be routine accounting tasks, but the archive contains a malicious […]

New AI-Powered Android Malware Automatically Clicks Ads on Infected Devices

22 January 2026 at 00:30

A sophisticated new Android malware family dubbed “Android.Phantom” leverages artificial intelligence to automate ad-clicking fraud while establishing a persistent command-and-control infrastructure through dual-mode operation. The malware operates through two distinct modes, “phantom” and “signaling”, controlled from the hxxps://dllpgd[.]click command server. The ML model downloads from hxxps://app-download[.]cn-wlcb[.]ufileos[.]com and analyzes screenshots of virtual screens to identify and automatically click ad […]

ClearFake malware Exploits Proxy Execution to Run Malicious PowerShell Commands via Trusted Windows Feature

21 January 2026 at 23:57

A sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The operation, which has compromised hundreds of websites since August 2025, now leverages a command injection vulnerability in a trusted Windows script to silently execute malicious PowerShell code, while hosting its […]

Researchers Expose LockBit 5.0 Affiliate Panel and New Encryption Variants

21 January 2026 at 08:28

The LockBit 5.0 affiliate panel provides unprecedented visibility into the infrastructure of one of the world’s most notorious ransomware-as-a-service (RaaS) operations. Following the high-profile Operation Cronos disruption, security researchers have confirmed that LockBit has largely maintained its core operational procedures. However, cosmetic updates, including holiday-themed interface elements, suggest active development and continued operations. The leaked materials […]

Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks

21 January 2026 at 07:28

A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version 2.0.2 contains a critical vulnerability allowing arbitrary process termination via IOCTL command 0x22E044. This enables […]

VoidLink Emerges: First Fully AI-Driven Malware Signals a New Era of Cyber Threats

21 January 2026 at 06:59

A sophisticated Linux malware framework has been developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents the first documented case of high-complexity, production-grade malware authored by AI under the direction of a skilled developer. Development artifacts exposed through operational […]

ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”

21 January 2026 at 06:17

ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals, creating garbled text, distorted CSS, and cursor jitter, to convince victims their device is actually broken. This visual chaos technique, called “GlitchFix,” has become highly effective at tricking users into “fixing” their systems by running malware. […]

Magecart Hack Injects JavaScript to Steal Online Payment Data

21 January 2026 at 05:07

A new Magecart-style campaign is actively targeting e-commerce websites by injecting malicious JavaScript that intercepts and exfiltrates payment card data during checkout. The malicious script was hosted at cc-analytics[.]com/app.js and discovered on compromised e-commerce sites through script injection. The code employs heavy obfuscation using hex encoding and base conversion functions to evade detection. Security researchers […]

PURELOGS Payload Hidden in Weaponized PNG Images Used in Stealth Attacks

21 January 2026 at 03:52

A sophisticated PURELOGS infostealer campaign weaponizes PNG image files to evade detection. The attack begins with a phishing email disguised as a pharmaceutical invoice containing a ZIP archive with a JScript (.js) file. Unlike browser-based JavaScript, this Windows Script Host file executes with full operating system privileges through the Windows scripting engine, granting direct access […]
