Apache ActiveMQ users are being urged to apply immediate patches following the disclosure of a critical vulnerability, CVE-2026-42253, that enables HTTP response header injection via improperly handled JMS message properties. The flaw affects both Apache ActiveMQ and ActiveMQ Web components.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
38% of GitHub Actions Workflows Exposed to Script Injection Risks
Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in development pipelines by automating build,…
Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access
Ivanti has patched a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow authenticated attackers to escalate privileges and gain full administrative access to affected systems. Tracked as CVE-2026-9614, the flaw is classified as an improper access…
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
In one threat campaign, attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test.…
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia…
HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Overview of the HTTP/2 Bomb Attack…
Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability Security researchers from…
CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, Department of Energy, EPA, TSA, Department of Transportation, and USDA, has issued a joint warning about ongoing cyberattacks targeting automatic tank gauge (ATG) systems across the United States. These…
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js…
Laravel CRLF Injection Flaw Could Disrupt Outbound Email Handling
A high-severity vulnerability in the Laravel framework could allow attackers to manipulate outbound email processing, potentially leading to unauthorized message delivery, data exposure, or the abuse of mail relays. The issue, tracked as CVE-2026-48019, stems from improper neutralization of CRLF…
50+ Malicious Chrome Extensions Hit 30K Users
50+ malicious Chrome extensions posing as “live wallpaper” utilities have been caught running an adware operation that hijacks browser behavior and quietly pushes remote HTML content to around 30,000 users. These extensions were distributed through at least three publisher accounts…
1-Click GitHub Vulnerability Enables OAuth Token Theft
A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle…
Hackers Spread WeedHack Malware via YouTube and SEO Poisoning
Hackers are increasingly abusing trusted platforms like YouTube and search engines to distribute malware, and a newly uncovered campaign targeting Minecraft players highlights how effective this tactic has become. Minecraft, originally released in 2011 by Mojang Studios, remains the best-selling…
Red Hat Confirms Supply Chain Breach Impacting @redhat-cloud-services npm Packages
Red Hat has confirmed a supply chain security breach impacting multiple npm packages under the @redhat-cloud-services namespace, as detailed in security bulletin RHSB-2026-006 released on June 2, 2026. The incident was publicly disclosed a day earlier and stems from a…
North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys
A newly uncovered macOS intrusion campaign attributed to the North Korean state-sponsored threat group Sapphire Sleet, also known as BlueNoroff or UNC1069, is targeting high-value organizations in the financial and cryptocurrency sectors. The operation focuses on venture capital firms, Web3…
Project Glasswing Grows as Anthropic Extends Claude Mythos Preview Program
Anthropic has expanded its Project Glasswing initiative, significantly scaling access to its Claude Mythos Preview model as part of a broader effort to strengthen global software security. The program, first launched in April 2026 with around 50 organizations, has now…
Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security issue, despite a proof-of-concept exploit demonstrating remote code execution (RCE). Security researcher Wahid Fayad identified the issue while analyzing…
Stolen Gemini API Keys Fuel Automated Telegram Influence Campaign
In a long-running Telegram influence and fraud campaign, a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content generation, credential theft, and infrastructure operations at scale. Tracked as “bandcampro,” the Russian-speaking operator maintained a…
Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential full compromise through a single malicious GitHub issue. Security researcher Ryota K from GMO Flat Security identified multiple flaws…
Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT
Mustang Panda is using a fake “Browser Updater” and a multi‑stage LNK–PowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultimately beaconing over HTTPS to a hard‑coded C2 while hiding configuration and strings behind layered encryption and…