Today (9 May 2026): Main stream

Pam Backdoor Targets Linux Systems to Steal SSH Credentials

A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been designed for simplicity, modularity, and flexibility. This modular architecture allows administrators to customize nearly every component, from […]

The post Pam Backdoor Targets Linux Systems to Steal SSH Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Yesterday (8 May 2026): Main stream

Modular RAT Campaign Steals Credentials and Captures Screenshots

A sophisticated spear-phishing campaign, dubbed Operation GriefLure, is targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign focuses on high-value organizations, including Viettel Group, Vietnam’s largest military-backed telecom provider, and St. Luke’s Medical Center (SLMC) in the Philippines, demonstrating a calculated approach to regional cyber-espionage. What sets Operation […]

Fake OpenClaw Installer Targets Crypto Wallets and Password Managers

Hackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. The site delivers an archive named OpenClaw_x64.7z containing a 130MB Rust-compiled executable, OpenClaw_x64.exe, padded with fake documentation […]

ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations

A new cross‑platform malware family, dubbed ZiChatBot, abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a stealthy command‑and‑control (C2) channel. During routine threat hunting, analysts observed a series of malicious wheel packages being uploaded to PyPI, initially appearing as legitimate utilities. The three fraudulent projects – uuid32-utils, colorinal, and termncolor – […]

Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears

Age verification systems introduced under the Online Safety Act have critical gaps, with children easily bypassing safeguards using simple tricks, including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in July 2025, was designed to strengthen protections for children online by enforcing stricter age checks, […]

Signed Logitech Installer Abused to Drop TCLBANKER Banking Trojan

Hackers are abusing a signed Logitech installer to stealthily deploy a new Brazilian banking trojan known as TCLBANKER, giving threat actors a powerful tool to steal financial data and self‑propagate through popular communication platforms. The malware specifically targets Brazilian users and focuses on 59 banking, fintech, and cryptocurrency websites, activating only when victims browse to […]

Before yesterday: Main stream

Hackers Weaponize Claude AI in Attacks on Water and Drainage Utilities

Hackers have abused commercial Claude AI models to help compromise a Mexican water and drainage utility’s IT network and probe systems connected to critical infrastructure. The attackers used Claude as an operational “copilot” to discover industrial systems, build custom tools, and plan attacks against an internal SCADA/IIoT platform managing water and drainage processes. The investigation […]

Fake Claude AI Installers Used to Spread Malware in New Cyber Scam

Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines highly realistic install guides with a stealthy, multi‑stage infection chain that abuses trusted Windows components, fileless execution, and advanced evasion techniques to stay under the radar. Victims who click these ads […]

Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking

New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious […]

UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools

A new China-linked hacking group, tracked as UAT-8302, is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence […]

Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins

Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase a sponsored Google ad that imitates ManageWP branding and appears as the top result, while the legitimate domain is […]

FEMITBOT Network Exploits Telegram Mini Apps to Spread Crypto Scams and Android Malware

A large-scale fraud and malware operation called FEMITBOT abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering and credential theft. Telegram Mini Apps are lightweight web applications that run inside Telegram, offering seamless login, payments, […]

Darkhub Hacking-for-Hire Portal Promotes Crypto Fraud and Spyware Services

A newly identified dark web platform, Darkhub, is advertising a wide range of hacking-for-hire services, including account compromise, surveillance, and financial manipulation. The service, accessible via the Tor network, presents itself as a centralized hub for offensive cyber capabilities targeting both individuals and organizations. Many similar services historically function as advance-fee scams rather than delivering […]

CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs

CloudZ is a new modular remote access trojan that abuses Microsoft’s built‑in Phone Link feature to steal SMS one‑time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is integrated into Windows 10 and 11 to mirror smartphone SMS messages, application notifications, call […]

Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk

Salesforce Marketing Cloud (SFMC) recently patched a cluster of high‑impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised marketing clouds to deliver branded, trackable campaigns at massive scale. SFMC (formerly ExactTarget) is one of the dominant platforms, powering dynamic […]

QLNX Targets Developers in Supply Chain Credential Theft Campaign

QLNX is a newly documented Linux remote access trojan (RAT) that focuses on the theft of developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised maintainer account can be used to push backdoored releases to millions […]

Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign

Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Ministry of Intelligence and Security (MOIS) nexus compromised a mailbox, but there are not enough unique […]

Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor

Silver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campaign shows how the group is steadily evolving from commodity RAT delivery to […]

Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control

Cerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cerberus lets an abuser push a custom lock‑screen notification to the victim’s device from a web dashboard at cerberusapp.com or a paired smartwatch. […]

Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks

Educational institutions are now facing a coordinated mix of state espionage, spear‑phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups observed. China-aligned clusters led by MISSION2074 dominate, with additional activity from Stone Panda, Hafnium, Lotus […]
