GitHub has released Enterprise Server (GHES) version 3.20.3, addressing multiple critical and high-severity vulnerabilities that could allow attackers to access internal services, escalate privileges, and extract sensitive data. The update, published on May 26, 2026, also introduces an important security…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters
A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel memory and reliably escalate to SYSTEM on Windows 11 24H2–25H2. The bug sits in ntoskrnl.exe inside ExpGetProcessInformation, reachable via a single NtQuerySystemInformation call with information class…
New Zero-Click WhatsApp Account Takeover Attack Targets iOS 16 Users
A newly uncovered zero-click attack targets iPhone users running iOS 16, allowing threat actors to hijack WhatsApp accounts without any user interaction, visible prompts, or warnings about linked devices. The campaign was first documented by Italian digital forensics firm Forenser,…
Hackers Exploit Shared CDN Edge IPs to Evade Protective DNS Filtering
Hackers are exploiting shared CDN edge infrastructure to bypass DNS-based security controls, according to new research from ADAMnetworks, which details a stealthy evasion technique dubbed “Underminr.” The core issue lies in how content delivery networks (CDNs) route traffic across shared…
Anthropic Launches Free Claude Code Terminal Plugin to Detect Security Vulnerabilities
Anthropic has launched a free Claude Code terminal plugin, “security-guidance,” that continuously reviews AI‑generated code in-session to detect and remediate security vulnerabilities before they ever reach a pull request or CI pipeline. Designed as a lightweight yet powerful layer within…
Microsoft Defender Gains Auto-Isolation Feature to Block Ransomware Spread
Microsoft Defender XDR has introduced automatic attack disruption capabilities that autonomously contain ransomware and sophisticated cyberattacks in real time by isolating compromised assets. This advanced feature correlates millions of security signals to identify active threat campaigns with high confidence. It automatically…
Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising significant concerns for enterprise environments that depend on on-premises collaboration platforms. The flaw, tracked as CVE-2026-45659, was initially published on…
CERT-In Mandates 12-Hour Patch Deadline for Internet-Facing Vulnerabilities
India’s national cyber security agency CERT-In has issued a new blueprint that tells organizations to fix critical vulnerabilities in internet‑facing and “crown‑jewel” systems within 12 hours of discovery, as AI‑driven attackers slash exploitation timelines. The guidance marks one of India’s…
EU Regulators Prepare Landmark Fine Against Google Under Digital Markets Act
The European Union is preparing to issue a landmark penalty against Google under its Digital Markets Act (DMA), marking a significant escalation in regulatory enforcement against major technology platforms. According to multiple reports, EU regulators have formally accused Alphabet’s Google…
Quasar RAT Hits Developers With Fileless Linux Attacks
Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for software supply‑chain attacks, using fileless execution, an eBPF rootkit, PAM backdoors, and a P2P C2 mesh to evade…
Angular Language Service Extension Flaws Allow Remote Code Execution
Multiple high-severity vulnerabilities have been discovered in the Angular Language Service VS Code extension (Angular.ng-template), exposing developers to remote code execution (RCE) attacks through malicious project files and dependencies. The issues, tracked under GitHub advisory GHSA-ccq4-xmxr-8hcq, affect all versions before…
Memcached SASL Flaw Exposes Usernames to Enumeration Attacks
A newly identified vulnerability in Memcached has raised concerns among security professionals after researchers confirmed a timing side-channel flaw that allows attackers to enumerate valid usernames. Tracked as CVE-2026-47783, the issue affects Memcached versions before 1.6.42 and specifically impacts SASL…
China-Linked Hackers Hit SEA Edge Routers With Custom Linux Implant
China-linked hackers are conducting a stealthy infrastructure-centric espionage campaign across Southeast Asia by compromising Linux-based edge routers with a custom ELF implant and pairing it with a cracked Cobalt Strike Beacon on Windows systems for unified command-and-control over entire networks.…
NightSpire Ransomware Abuses RDP for Stealthy Persistence
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy intrusion techniques. The malware not only encrypts victim data but also exfiltrates sensitive files, threatening to publish them on…
Ghost CMS Vulnerability Exploited to Infect 700 Sites With ClickFix Malware
Hackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware through large-scale page-poisoning attacks. The vulnerability allows attackers to extract sensitive database contents without authentication, including the Ghost Admin API…
ConnectWise Automate Flaw Allows Hackers to Evade Security Controls
ConnectWise has released a security update to address a high-severity vulnerability in its ConnectWise Automate remote monitoring and management (RMM) platform, a widely used tool for managed service providers (MSPs). The flaw, tracked as CVE-2026-9089, carries a CVSS score of…
Hackers Use SEO Poisoning to Fake Gemini CLI and Claude Code Installers
Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above…
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks
Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as…
PuTTY 0.84 Update Patches SSH Key Exchange Crash Issues and Telnet Prompt Spoofing Flaw
PuTTY 0.84 has been released with three minor security fixes that address issues that could allow remote attackers to crash the client or trick users during insecure sessions. Although the vulnerabilities are classified as low severity, they affect core components…
Phishing Campaigns Exploit RCS and iMessage to Evade SMS Security Filters
Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channels and real-time account takeover techniques. Unlike conventional SMS phishing, RCS and iMessage operate over data networks with…