The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer, […]

The post Lazarus Hackers Target European Drone Manufacturers in Active Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061 […]

The post PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protecting user privacy. Technical Overview According to the disclosure, the vulnerability existed in Instagram’s mobile web interface and required no authentication or follower relationship to exploit. […]

The post Instagram Investigates Reported Vulnerability Allowing Access to Private Content appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000 and comes with a guarantee that it will pass Google’s Chrome Web Store review process. […]

The post New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants.  North Korean threat actors linked to […]

The post New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of operational technology (OT) environments and affect version 14.10.4.0 and earlier, with fixes implemented in version 14.12.0000 released on July 29th, 2025. The two vulnerabilities tracked as CVE-2025-34164 and CVE-2025-34165 reside […]

The post NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has released two critical out-of-band (OOB) security patches targeting widespread issues affecting Windows 11 users following January’s monthly security updates. The emergency patches, KB5078127 and KB5078132, address severe file system failures and application crashes that emerged after the January 13 security release. The primary culprit behind these issues is unexpected complications introduced by KB5073455 […]

The post Microsoft Issues KB5078127 OOB Patch After Reports of Outlook Freezing and File System Instability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,” weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems.​ The campaign begins with targeted […]

The post SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A moderate out-of-bounds write vulnerability in Apache Hadoop’s HDFS native client that could allow attackers to trigger system crashes or cause data corruption in production environments.  The flaw, identified as CVE-2025-27821, affects the native HDFS client’s URI parser and has been assigned moderate severity by Apache. The vulnerability was discovered and reported by security researcher […]

The post Apache Hadoop Flaw Could Trigger System Crashes or Data Corruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but […]

The post New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As users continue to assess the Under Armour data breach, WorldLeaks, the rebranded version of the Hunters International…

Hello aspiring Cyber Forensic Investigators. In our previous blogpost, you learnt in detail about Computer Forensics. In this article, you will learn about Bulk Extractor, a fast, automated forensic carving tool. Digital forensic investigations often require extracting useful information from massive amounts of data like disk images, memory dumps, captured network traffic and more. Manually […]

The post Beginners Guide to Bulk Extractor tool appeared first on Hackercool Magazine.

Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools.

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade

Linux running inside a PDF. An actual working operating system with a terminal where you can type commands. Open a PDF in Chrome. Wait 30 seconds. You now have a working Linux terminal. No installation, no software, just a 6MB file that boots an entire operating system.

A high school student named Allen built this, the same kid who previously crammed Doom into a PDF. Before that he made tools to bypass school software restrictions and exploits to boot Linux on locked-down Chromebooks.

Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process.

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check

BMX SolidSafe 5K power bank Follow ZDNET: Add us as a preferred source.  The BMX SolidSafe 5K is a nice, light, …

Endpoints remain primary entry for attacks. In 2026, endpoint platforms must deliver behavior context, automation, investigations, and integrations.