Today, 26 January 2026 (Main stream)

Lazarus Hackers Target European Drone Manufacturers in Active Campaign

26 January 2026 at 07:55

The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer, […]

The post Lazarus Hackers Target European Drone Manufacturers in Active Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL

26 January 2026 at 07:00

A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000 and comes with a guarantee that it will pass Google’s Chrome Web Store review process. […]

New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware

26 January 2026 at 06:11

A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to […]

NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution

26 January 2026 at 05:31

Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of operational technology (OT) environments and affect version 14.10.4.0 and earlier, with fixes implemented in version 14.12.0000 released on July 29th, 2025. The two vulnerabilities tracked as CVE-2025-34164 and CVE-2025-34165 reside […]

SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware

26 January 2026 at 03:47

A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,” weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems. The campaign begins with targeted […]

New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware

26 January 2026 at 02:39

A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but […]

Before yesterday (Main stream)

Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability

23 January 2026 at 08:44

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities CVE-2025-59718 and CVE-2025-59719 discovered during internal code audits in December 2025, with exploitation attempts now documented in customer environments. The vulnerabilities stem from improper verification of cryptographic signatures in FortiCloud […]

Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

23 January 2026 at 08:03

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions […]

20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access

23 January 2026 at 07:30

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict […]

Threat Actors Exploit LNK Files to Deploy MoonPeak Malware on Windows Systems

23 January 2026 at 06:29

A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named “실전 트레이딩 핵심 비법서.pdf.lnk” (translating to “Practical Trading Core Secret Book”), specifically crafted to target South Korean investors seeking financial guidance. This social engineering approach exploits users’ trust […]

MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

23 January 2026 at 05:50

A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf a domain spoofing official Microsoft […]

New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks

22 January 2026 at 08:28

A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat with no connection to its predecessor. However, evidence suggests potential links to threat actors previously associated with Inc ransomware […]

PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments

22 January 2026 at 07:59

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time. […]

Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

22 January 2026 at 07:29

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously […]

JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure

22 January 2026 at 07:02

JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about JA3’s relevance fueled by frozen public databases and inconsistent threat intelligence updates the indicator remains a powerful asset for SOC and threat hunting teams. […]

New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions

22 January 2026 at 03:04

A sophisticated ClickFix campaign targeting Facebook users has been identified, leveraging social engineering to extract live session credentials directly from victims’ browsers. Unlike traditional phishing exploits that rely on software vulnerabilities, this campaign guides victims through a guided credential-harvesting process disguised as account verification. Researchers identified 115 webpages across the attack chain and eight distinct […]

Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

22 January 2026 at 01:45

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project […]

New Multi-Stage Windows Malware Disables Microsoft Defender, Deploys Malicious Payloads

22 January 2026 at 01:26

A sophisticated multi-stage malware campaign targeting Russian users, leveraging social engineering, legitimate cloud services, and native Windows functionality to achieve full system compromise without exploiting vulnerabilities. The campaign begins with deceptively crafted business-themed documents delivered via compressed archives. Victims receive Russian-language files that appear to be routine accounting tasks, but the archive contains a malicious […]

New AI-Powered Android Malware Automatically Clicks Ads on Infected Devices

22 January 2026 at 00:30

A sophisticated new Android malware family dubbed “Android.Phantom” that leverages artificial intelligence to automate ad-clicking fraud while establishing a persistent command-and-control infrastructure through dual-mode operation. The malware operates through two distinct modes “phantom” and “signaling” controlled from the hxxps://dllpgd[.]click command server. The ML model downloads from hxxps://app-download[.]cn-wlcb[.]ufileos[.]com and analyzes screenshots of virtual screens to identify and automatically click ad […]

ClearFake malware Exploits Proxy Execution to Run Malicious PowerShell Commands via Trusted Windows Feature

21 January 2026 at 23:57

A sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The operation, which has compromised hundreds of websites since August 2025, now leverages a command injection vulnerability in a trusted Windows script to silently execute malicious PowerShell code, while hosting its […]
