GBHackers On Security

The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control lists, consume excessive system resources, or crash DNS servers entirely. Network administrators must apply the provided The post BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous deployment (CI/CD) environments. Because Trivy is a widely adopted open-source vulnerability scanner used natively within The post CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV Catalog appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are currently dealing with high volumes of financial and HR-related communications. This seasonal timing is deliberate. The post Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial intelligence software. By exploiting weak credential management and leveraging AI-assisted coding, the group distributed malicious The post TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER.  The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll, both of which lacked advanced packing or obfuscation. BRUSHWORM acts as the primary implant, handling The post Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems. Technical Analysis of the Exploit The xz utility is a fundamental data compression format The post Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads through removable drives and deploys the PUBLOAD backdoor for lateral movement. Further telemetry revealed two The post Hackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission handling. The vulnerability was so significant that Microsoft chose to remove the affected feature entirely The post Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware families such as Lumma, Rhadamanthys, and RedLine in 2025. Researchers estimate that PXA Stealer activity The post Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor.  Instead of launching noisy, disruptive attacks, these hackers are building dormant sleeper cells in the telecom backbone. The post Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.