OWASP has released a new edition of its AI security report, “State of Agentic AI Security and Governance v2.01,” giving security teams a concrete playbook for defending autonomous AI agents and the expanding ecosystem of tools they rely on. Positioned…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE,…
China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework
A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512 compromised an Internet Information Services (IIS) server and deployed a custom web shell framework built to…
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple packed executable but a Lucid-branded information stealer and RAT wrapped inside a legitimate…
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta rapidly patched it on June 6, 2026. The vulnerability, which affected the platform’s password reset interface,…
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers
A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF) condition in the replication subsystem. Discovered by security researcher Yoni Sherez during the ZeroDay. In the…
Critical UniFi OS RCE Chain Grants Root Access Without Credentials
Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update…
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise SaaS platforms. The technique, detailed by Mitiga,…
Microsoft Warns Claude Code GitHub Action May Expose CI/CD Secrets
Anthropic’s Claude Code GitHub Action could unintentionally expose CI/CD workflow secrets when AI agents process untrusted GitHub content. The risk arises because certain tools the agent uses to read files were not sandboxed like subprocess execution paths such as Bash.…
EDRChoker Tool Abuses Windows QoS Policies to Disrupt Endpoint Security Tools
A newly disclosed red-team tool dubbed “EDRChoker” is drawing attention across the cybersecurity community for its novel approach to disrupting Endpoint Detection and Response (EDR) visibility by abusing Windows Policy-based Quality of Service (quality of service). Unlike traditional EDR evasion…
Hackers Exploit 2026 FIFA World Cup With Phishing and Ticket Scams
Cybercriminals are already turning the 2026 FIFA World Cup into a fraud opportunity, using phishing pages, fake online stores, and ticket scams to steal money and personal data. The risk is rising because the tournament will attract huge global demand,…
Free Samsung and LG Smart TV Apps Reportedly Exploit Devices for AI Proxy Traffic
Free apps available on Samsung, LG, Roku, and other connected TV (CTV) platforms are quietly enrolling users’ smart televisions into a commercial residential proxy network operated by Bright Data, according to a technical investigation published June 5, 2026, by Include…
New ChatGPT Lockdown Mode Aims to Block Prompt Injection and Data Exfiltration Attacks
OpenAI this week introduced Lockdown Mode, a security-focused setting for ChatGPT designed to reduce the risk of data exfiltration from prompt-injection attacks. The feature is rolling out to eligible personal accounts (Free, Go, Plus, Pro) and self-serve ChatGPT Business workspaces,…
Top 10 Best Software Composition Analysis (SCA) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. With modern applications consisting of over 80% open-source components, the attack surface has shifted drastically. Whether you are…
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life…
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are…
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles…
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service.…
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective…
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat that outpaces many traditional defenses. The operational logic for attackers is straightforward. Native utilities such as…