GBHackers Security | #1 Globally Trusted Cyber Security News Platform GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates.
- Hackers Abuse Apple & PayPal Invoice Emails in DKIM Replay Attack Campaign, by Mayura Kathir on February 9, 2026 at 1:34 pm
A sophisticated way to bypass email security by weaponizing legitimate messages from trusted companies like Apple and PayPal. These attacks, known as DKIM replay attacks, exploit email authentication systems to deliver scams that appear completely authentic. The technique is deceptively simple. Attackers create accounts on platforms like Apple’s App Store or PayPal and manipulate user-controlled
- European Commission Mitigates Cyberattack Aimed at Employee Mobile Information, by Divya on February 9, 2026 at 1:28 pm
The European Commission successfully contained a cyberattack targeting its mobile device management infrastructure on January 30, 2026. The incident, which potentially exposed staff names and mobile numbers, was neutralized within nine hours of detection, demonstrating the organization’s robust cybersecurity protocols. The Commission’s central system managing mobile devices detected suspicious activity that
- Node.js LTX Stealer Emerges as New Threat to Login Credentials, by Mayura Kathir on February 9, 2026 at 1:02 pm
A new, sophisticated malware campaign dubbed “LTX Stealer.” This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is designed to operate quietly, making it difficult for traditional antivirus systems to detect. The malware
- Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware, by Divya on February 9, 2026 at 12:52 pm
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the latest security patches. The intrusion leverages recently disclosed Remote Code
- ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware, by Mayura Kathir on February 9, 2026 at 12:12 pm
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex
- Hackers Abuse ClawHub Skills to Evade VirusTotal via Social Engineering, by Mayura Kathir on February 9, 2026 at 11:26 am
A new evolution in ClawHub skill-based attacks that effectively sidesteps recent security measures. Rather than embedding base64-encoded payloads directly in SKILL.md files, threat actors have now shifted to a simpler approach: hosting malware on convincing lookalike websites and using skills purely as lures. A new iteration of an ongoing ClawHub malicious skills campaign is using
- New RecoverIt Tool Abuses Windows Service Failure Recovery to Execute Malicious Payloads, by Divya on February 9, 2026 at 10:52 am
A new offensive security tool named “RecoverIt” has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection methods that focus on monitoring service creation and binary paths. For years, attackers have moved laterally across networks by creating or modifying
- APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware, by Mayura Kathir on February 9, 2026 at 10:37 am
APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks, far higher than any other regional target, highlighting its role as a focal point for espionage and strategic access.
- Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors, by Mayura Kathir on February 9, 2026 at 9:43 am
A threat cluster tracked as “Vortex Werewolf” (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs that masquerade as legitimate Telegram file-sharing resources. These links, often hosted on domains designed to
- Critical Fortinet FortiClient EMS Vulnerability Allows Remote Code Execution, by Divya on February 9, 2026 at 9:07 am
A critical security vulnerability has been discovered in Fortinet’s FortiClient EMS (Endpoint Management Server), potentially exposing organizations to remote code execution attacks. The flaw, tracked as CVE-2026-21643, was disclosed on February 6, 2026, and carries a severe CVSS score of 9.1 out of 10. The vulnerability stems from an SQL injection flaw














