Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially released on May 19, 2026,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Windows…
Fake Microsoft Teams Downloads Spread ValleyRAT Malware
Hackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and multi-stage execution techniques to evade detection. The campaign, first observed in mid-April on the X platform, uses fraudulent domains such as…
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findings. Security researchers have identified…
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, which allows…
Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is…
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, the latest stable…
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examinations, and communication, the volume of…
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers…
Nine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at Risk
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account…
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how…
P2PInfect Botnet Targets Kubernetes via Exposed Redis
A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to six months, with consistent botnet…
PoC Released for PinTheft Linux Flaw Enabling Root Privilege Escalation
A public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets…
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings,…
Two U.S. Executives Plead Guilty in India-Based Tech Support Fraud Schemes
Two U.S.-based business executives have pleaded guilty to their roles in enabling large-scale tech-support fraud operations linked to call centers in India, according to the U.S. Department of Justice. Adam Young, 42, former CEO of a telecommunications services company based…
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
A new ransomware campaign named “WantToCry” that leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder for conventional…
Claude Code Sandbox Flaw May Compromise User Secrets
A newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to bypass restrictions and exfiltrate sensitive data. The issue, identified by security researcher Aonan Guan, marks the second…
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Threat Labs, abuses NTFS…
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthorized access to its…
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows to read…