<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:media="http://search.yahoo.com/mrss/"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>GBHackers Security | #1 Globally Trusted Cyber Security News Platform</title>
	<atom:link href="https://gbhackers.com/feed/" rel="self" type="application/rss+xml" />
	<link>https://gbhackers.com/</link>
	<description>GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers &#38; Technology Updates.</description>
	<lastBuildDate>Thu, 16 Jul 2026 07:44:36 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://gbhackers.com/wp-content/uploads/2024/09/cropped-gbh-32x32.png</url>
	<title>GBHackers Security | #1 Globally Trusted Cyber Security News Platform</title>
	<link>https://gbhackers.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">236592110</site>	<item>
		<title>Malicious AI Agents Attempt Reverse Shells, Credential Theft, and Persistent SSH Access</title>
		<link>https://gbhackers.com/ai-agents-attempt-reverse-shells/</link>
					<comments>https://gbhackers.com/ai-agents-attempt-reverse-shells/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 07:44:30 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192425</guid>

					<description><![CDATA[<p>AI agents are increasingly crossing the line from generating content to executing actions inside developer workstations, cloud environments, and enterprise systems. New telemetry from Gen’s H1 2026 Threat Report shows that agent runtime controls detected attempts involving reverse shells, credential-file access, API-key discovery, destructive commands, and SSH persistence mechanisms. The activity does not necessarily mean [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/ai-agents-attempt-reverse-shells/">Malicious AI Agents Attempt Reverse Shells, Credential Theft, and Persistent SSH Access</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/ai-agents-attempt-reverse-shells/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-16T131131.987.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192425</post-id>	</item>
		<item>
		<title>F5 Fixes 3 NGINX Flaws Enabling Potential Remote Code Execution, Memory Disclosure, and DoS Attacks</title>
		<link>https://gbhackers.com/f5-fixes-3-nginx-flaws/</link>
					<comments>https://gbhackers.com/f5-fixes-3-nginx-flaws/#respond</comments>
		
		<dc:creator><![CDATA[Divya]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:53:08 +0000</pubDate>
				<category><![CDATA[CVE/vulnerability]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Vulnerability]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192416</guid>

					<description><![CDATA[<p>F5 has issued security advisories for three vulnerabilities affecting NGINX Plus and NGINX Open Source. These flaws could allow unauthenticated attackers to trigger crashes in worker processes, disclose limited memory contents, or potentially execute code under specific conditions. The vulnerabilities, identified as CVE-2026-56434, CVE-2026-42533, and CVE-2026-60005, impact the data-plane request processing of NGINX rather than [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/f5-fixes-3-nginx-flaws/">F5 Fixes 3 NGINX Flaws Enabling Potential Remote Code Execution, Memory Disclosure, and DoS Attacks</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/f5-fixes-3-nginx-flaws/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/F5-Fixes-3-NGINX-Flaws-Enabling-Potential-Remote-Code-Execution-Memory-Disclosure-and-DoS-Attacks-1-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192416</post-id>	</item>
		<item>
		<title>Kratos PhaaS Targets Microsoft 365 Users With SharePoint Links and Cloudflare Anti-Bot Checks</title>
		<link>https://gbhackers.com/kratos-phaas-targets-microsoft-365/</link>
					<comments>https://gbhackers.com/kratos-phaas-targets-microsoft-365/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:36:15 +0000</pubDate>
				<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Phishing]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192406</guid>

					<description><![CDATA[<p>Kratos, a subscription-based phishing-as-a-service platform, is targeting Microsoft 365 users in the United States, Europe, and other regions through campaigns designed to blend into ordinary document-sharing workflows. The operation abuses trusted services, including Microsoft SharePoint, OneDrive, Microsoft Forms, Canva, Tilda, and systeme.io, to deliver links that ultimately redirect recipients to credential-harvesting pages. Only 156 sessions [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/kratos-phaas-targets-microsoft-365/">Kratos PhaaS Targets Microsoft 365 Users With SharePoint Links and Cloudflare Anti-Bot Checks</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/kratos-phaas-targets-microsoft-365/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-16T120253.576.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192406</post-id>	</item>
		<item>
		<title>GPT-5.6 Sol Ultra Writes Complete Chrome Exploit With V8 Sandbox Escape</title>
		<link>https://gbhackers.com/gpt-5-6-sol-ultra-writes-complete-chrome-exploit/</link>
					<comments>https://gbhackers.com/gpt-5-6-sol-ultra-writes-complete-chrome-exploit/#respond</comments>
		
		<dc:creator><![CDATA[Divya]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:26:46 +0000</pubDate>
				<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[cyber security]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192395</guid>

					<description><![CDATA[<p>A security researcher reported that the GPT-5.6 Sol Ultra model successfully produced a working renderer exploit for Chrome version 149.0.7827.201. This exploit utilized V8 version 14.9.207.35. The model reportedly combined multiple patched issues in the JavaScript engine and WebAssembly infrastructure, ultimately launching the macOS Calculator application from within a sandboxed Chrome renderer process. GPT-5.6 Sol [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/gpt-5-6-sol-ultra-writes-complete-chrome-exploit/">GPT-5.6 Sol Ultra Writes Complete Chrome Exploit With V8 Sandbox Escape</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/gpt-5-6-sol-ultra-writes-complete-chrome-exploit/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/GPT-5.6-Sol-Ultra-Writes-Complete-Chrome-Exploit-With-V8-Sandbox-Escape-1-1-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192395</post-id>	</item>
		<item>
		<title>LLM-Assisted TuxBot Botnet Targets IoT Devices Across 17 Processor Architectures</title>
		<link>https://gbhackers.com/llm-assisted-tuxbot-botnet/</link>
					<comments>https://gbhackers.com/llm-assisted-tuxbot-botnet/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:11:24 +0000</pubDate>
				<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[IoT]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192394</guid>

					<description><![CDATA[<p>TuxBot v3 Evolution, a modular IoT botnet framework capable of infecting devices running architectures ranging from ARM and MIPS to x86_64, PowerPC and RISC-V. The platform appears designed for mass compromise, persistence and distributed denial-of-service operations, with a C-based bot agent and a Go-based command-and-control server. Palo Alto Networks Unit 42 said it recovered the [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/llm-assisted-tuxbot-botnet/">LLM-Assisted TuxBot Botnet Targets IoT Devices Across 17 Processor Architectures</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/llm-assisted-tuxbot-botnet/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-16T113911.671-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192394</post-id>	</item>
		<item>
		<title>Hackers Use Google Ads and Claude AI Chats to Steal macOS Credentials and Crypto Wallets</title>
		<link>https://gbhackers.com/hackers-use-google-ads-and-claude-ai-chats-to-steal-macos-credentials/</link>
					<comments>https://gbhackers.com/hackers-use-google-ads-and-claude-ai-chats-to-steal-macos-credentials/#respond</comments>
		
		<dc:creator><![CDATA[Divya]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 05:45:33 +0000</pubDate>
				<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[cyber security]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192389</guid>

					<description><![CDATA[<p>Threat actors have exploited Google Ads and Anthropic’s Claude shared-chat feature to distribute the MacSync Stealer to macOS users. They used a social engineering technique called ClickFix, designed to steal credentials, browser data, cloud keys, sensitive files, and cryptocurrency wallets. According to Zscaler Threat Hunting, this campaign took place between June 12 and June 19, [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/hackers-use-google-ads-and-claude-ai-chats-to-steal-macos-credentials/">Hackers Use Google Ads and Claude AI Chats to Steal macOS Credentials and Crypto Wallets</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/hackers-use-google-ads-and-claude-ai-chats-to-steal-macos-credentials/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Hackers-Use-Google-Ads-and-Claude-AI-Chats-to-Steal-macOS-Credentials-and-Crypto-Wallets-1-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192389</post-id>	</item>
		<item>
		<title>Cursor 0-Day Flaw Executes Malicious git.exe From Repositories Without User Interaction</title>
		<link>https://gbhackers.com/cursor-0-day-flaw-executes-malicious-git-exe/</link>
					<comments>https://gbhackers.com/cursor-0-day-flaw-executes-malicious-git-exe/#respond</comments>
		
		<dc:creator><![CDATA[Divya]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 05:12:17 +0000</pubDate>
				<category><![CDATA[CVE/vulnerability]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[Zero-Day]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Vulnerability]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192372</guid>

					<description><![CDATA[<p>Cursor users on Windows may be at risk of arbitrary code execution following Mindgard&#8217;s disclosure of a zero-day vulnerability. This flaw allows the AI-powered integrated development environment (IDE) to automatically execute a malicious git.exe file located at the root of an open repository. According to research published by Aaron Portnoy on July 14, 2026, this [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/cursor-0-day-flaw-executes-malicious-git-exe/">Cursor 0-Day Flaw Executes Malicious git.exe From Repositories Without User Interaction</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/cursor-0-day-flaw-executes-malicious-git-exe/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Cursor-0-Day-Flaw-Executes-Malicious-git.exe-From-Repositories-Without-User-Interaction-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192372</post-id>	</item>
		<item>
		<title>China-Linked Daxin Backdoor Resurfaces in Taiwan Alongside New STUPIG SYSTEM-Level Malware</title>
		<link>https://gbhackers.com/stupig-system-level-malware/</link>
					<comments>https://gbhackers.com/stupig-system-level-malware/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 05:10:25 +0000</pubDate>
				<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[Malware]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192369</guid>

					<description><![CDATA[<p>The China-linked Daxin backdoor has resurfaced in an active intrusion targeting a Taiwan-based subsidiary of a multinational high-tech manufacturer, exposing the enduring reach of an espionage operation first publicly detailed in 2022. Daxin’s return is significant because the malware was already regarded as an unusually sophisticated implant built for stealthy, long-term access to hardened networks. [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/stupig-system-level-malware/">China-Linked Daxin Backdoor Resurfaces in Taiwan Alongside New STUPIG SYSTEM-Level Malware</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/stupig-system-level-malware/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-16T103926.670.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192369</post-id>	</item>
		<item>
		<title>Russian-Speaking Hacker Uses Gemini CLI to Deploy C2 Botnet in Six Minutes</title>
		<link>https://gbhackers.com/gemini-cli-to-deploy-c2-botnet/</link>
					<comments>https://gbhackers.com/gemini-cli-to-deploy-c2-botnet/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Wed, 15 Jul 2026 13:16:00 +0000</pubDate>
				<category><![CDATA[Botnet]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192340</guid>

					<description><![CDATA[<p>A Russian-speaking threat actor tracked as “bandcampro” used Google Gemini CLI as an end-to-end operational assistant to migrate a command-and-control server, deploy a replacement VPS, configure Cloudflare tunnels, and restore control of compromised endpoints within six minutes. The findings are based on an analysis of Gemini CLI session logs spanning March 19 through April 21, [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/gemini-cli-to-deploy-c2-botnet/">Russian-Speaking Hacker Uses Gemini CLI to Deploy C2 Botnet in Six Minutes</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/gemini-cli-to-deploy-c2-botnet/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-15T184243.526-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192340</post-id>	</item>
		<item>
		<title>OkoBot Malware Uses ClickFix and SeedHunter to Steal Ledger and Trezor Seed Phrases</title>
		<link>https://gbhackers.com/okobot-malware-uses-clickfix/</link>
					<comments>https://gbhackers.com/okobot-malware-uses-clickfix/#respond</comments>
		
		<dc:creator><![CDATA[Mayura Kathir]]></dc:creator>
		<pubDate>Wed, 15 Jul 2026 12:46:03 +0000</pubDate>
				<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security News]]></category>
		<category><![CDATA[Malware]]></category>
		<guid isPermaLink="false">https://gbhackers.com/?p=192322</guid>

					<description><![CDATA[<p>A newly documented malware framework dubbed OkoBot is targeting cryptocurrency users with a multi-stage intrusion chain designed to capture Ledger and Trezor recovery phrases, browser credentials, wallet files, keystrokes, screenshots, and application video recordings. Researchers first observed the activity in January 2026, although the campaign’s TookPS downloader component has been active since March 2025. The [&#8230;]</p>
<p>The post <a href="https://gbhackers.com/okobot-malware-uses-clickfix/">OkoBot Malware Uses ClickFix and SeedHunter to Steal Ledger and Trezor Seed Phrases</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>
]]></description>
		
					<wfw:commentRss>https://gbhackers.com/okobot-malware-uses-clickfix/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<media:content url="https://gbhackers.com/wp-content/uploads/2026/07/Untitled-design-2026-07-15T175159.690-1.webp" medium="image"></media:content>
            <post-id xmlns="com-wordpress:feed-additions:1">192322</post-id>	</item>
	</channel>
</rss>
