1010.cx – Page 6 – cybersecurity / defense / intelligence

Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks

·

cyber security, Cyber Security News, Phishing

Horabot has resurfaced in Mexico with a more complex, multi‑stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm‑style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our MDR team dissected a targeted Horabot campaign that we hunted a few months ago, after […]

The post Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

·

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List

·

CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the platform must apply the necessary updates by April 1, 2026, to mitigate active exploitation risks. Exploited Zimbra Collaboration Suite Flaw Tracked as CVE-2025-66376, […]

The post CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader

·

cyber security, Cyber Security News, GitHub

An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contained multiple malicious releases that executed a GitHub-hosted downloader and fetched a second-stage payload from […]

The post Open VSX Extension Delivers RAT and Stealer via GitHub Downloader appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network

·

Botnet, cyber security, Cyber Security News

A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The discovery shows how financially or personally motivated actors can reuse tradecraft seen in Iranian APT […]

The post Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Aura Confirms Data Breach Exposing 900,000 Customer Records

·

cyber security, Cyber Security News, Data Breach

Digital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within an organization. Aura immediately initiated its incident response protocol upon detecting the unauthorized network activity. […]

The post Aura Confirms Data Breach Exposing 900,000 Customer Records appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack

·

cyber security, Cyber Security News, Malware

A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus cluster. This team was previously associated with the OtterCookie malware, but since […]

The post WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the company to issue a Priority 1 security bulletin, warning users of a high risk of active exploitation in […]

The post ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

·

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows – CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion

·

cyber security, Cyber Security News

A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family. SnappyClient is written in C++ and operates as a flexible command-and-control implant, supporting capabilities such […]

The post SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶