Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Qualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices…

Read more →

Google has released the Android Security Bulletin for May 2026, addressing a highly critical vulnerability that allows attackers to execute code remotely without any user interaction. Published on May 4, 2026, the latest security update focuses heavily on a severe…

Read more →

A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from observed tactics, techniques,…

Read more →

A deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The…

Read more →

The Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of…

Read more →

A new security finding reveals that Microsoft Edge loads every saved password into its process memory as cleartext the moment the browser launches. Even more surprising to security professionals is Microsoft’s official response to the disclosure, which states that this…

Read more →

DigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the “Zhong Stealer” malware,…

Read more →

pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release…

Read more →

Artificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models.…

Read more →

A newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack lifecycle from setup…

Read more →

Instructure, the educational technology company behind the widely used Canvas Learning Management System (LMS), has officially confirmed a major data breach. This confirmation directly follows recent claims made by the notorious threat actor group known as ShinyHunters. Canvas is a…

Read more →

A malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive naming strategy and a hidden postinstall script. The package, impersonating the well-known TanStack ecosystem, was weaponized to steal sensitive environment files immediately…

Read more →

New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-based…

Read more →

In an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The coordinated effort, led by the FBI, Dubai Police, and the Chinese Ministry of Public Security,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This active exploitation…

Read more →

The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being misused…

Read more →

The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA…

Read more →

A critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerability to compromise government and military…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known…

Read more →

A sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime a legitimate alternative to Node.js during…

Read more →