A severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Russian Hosting Tied to 1,250+ C2 Servers Across 165 Providers
More than 1,250 C2 servers were identified across 165 Russian infrastructure providers within the past 3 months. Infrastructure analytics and ISP mapping are exposing the hidden backbone of cyber threats operating inside Russian networks. By looking beyond single IPs or…
Critical Chrome Flaws Allow Arbitrary Code Execution – Patch Immediately
Google has released an urgent security update for its Chrome web browser to address 31 vulnerabilities, including five rated as critical. The stable channel has been updated to version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. This update…
AI Content Hijacks Google Discover to Deliver Malicious Alerts
A new large-scale cyber operation is exploiting Google’s Discovery feed to spread malicious notifications and scams through AI-generated content. Pushpaganda begins with threat actors creating around 113 fake domains filled with AI-written articles and clickbait headlines. These posts are crafted…
Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability
Splunk has disclosed a high-severity vulnerability affecting both its Enterprise and Cloud Platform environments. Tracked as CVE-2026-20204, this flaw allows attackers to execute arbitrary code remotely. With a CVSS score of 7.1, the vulnerability requires immediate attention from system administrators…
MuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle East
A threat group resembling MuddyWater has conducted a large-scale reconnaissance and intrusion operation targeting critical sectors in the Middle East, including aviation, energy, and government entities. The attackers reportedly scanned over 12,000 internet-facing systems before launching selective exploitation attempts that led to the confirmed theft…
Google, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-Out
A recent independent audit conducted by privacy technology firm webXray has revealed that major technology companies, including Google, Microsoft, and Meta, are actively tracking users who have explicitly opted out of data sharing. The findings suggest widespread, industrial-scale non-compliance with…
Top 10 Best Application Security Testing Companies in 2026
In the rapidly evolving digital landscape of 2026, applications are the backbone of every enterprise. From customer-facing web portals and mobile apps to intricate internal systems and APIs, software drives business operations, innovation, and customer engagement. However, this ubiquity also…
Top 10 Best API Security Providers Protecting Web Apps in 2026
In the intricate tapestry of the modern digital world, Application Programming Interfaces (APIs) are the invisible threads that connect everything. They power mobile applications, enable seamless third-party integrations, facilitate microservices communication, and drive the functionality of countless web applications. From…
Google Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory Safety
Google has officially integrated the memory-safe Rust programming language into the cellular baseband firmware of its Pixel 10 smartphones. According to a detailed technical breakdown published on the Google Online Security Blog on April 10, 2026, the engineering team has…
Hackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email Filters
Hackers are exploiting Google Cloud Storage to bypass email and web filters and deliver Remcos RAT through convincing Google Drive–themed phishing campaigns that blend social engineering with fileless, multi‑stage execution chains. Phishing emails link to Google Cloud Storage buckets named…
Trusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor Campaign
Hackers secretly planted a remote code-execution backdoor in more than 30 popular WordPress plugins, leaving it dormant for about 8 months before activating malware that rewrote wp-config.php and injected cloaked SEO spam at scale. The incident centers on “Essential Plugin,”…
Windows Active Directory Flaw Opens Door to Malicious Code Execution
Microsoft disclosed a critical security vulnerability within Windows Active Directory that exposes enterprise networks to severe risks. Tracked officially as CVE-2026-33826, this vulnerability allows authenticated attackers to execute malicious code remotely over an adjacent network. Given its critical classification, network…
Hackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business Emails
Attackers are quietly abusing Microsoft 365 mailbox rules to steal emails, hide alerts, and maintain long-term access without installing malware. These stealthy tactics are increasingly common in business email compromise (BEC) campaigns targeting enterprise users worldwide. After gaining initial access…
Microsoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2
Microsoft has released KB5083769, the April 14, 2026 cumulative security update for Windows 11 versions 24H2 and 25H2, moving the operating system to builds 26100.8246 and 26200.8246 respectively. The update bundles the latest security fixes with quality improvements that were…
Agentic LLM Browsers Open New Front in Prompt Injection, Data Theft
Agentic LLM browsers are turning everyday browsing into automated, AI-driven workflows but they also expose a powerful new attack surface for prompt injection and data theft. By letting an AI “drive” the browser with your full session, cookies, and permissions,…
FUNNULL Scam Network Resurfaces With 175+ Rotating Domains Worldwide
FUNNULL-Linked Triad Nexus has quietly rebuilt its scam infrastructure, now rotating through more than 175 CNAME domains to keep a sprawling global fraud and brand‑impersonation network online. Following U.S. Treasury sanctions in May 2025 against FUNNULL Technology Inc., a core…
Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
Microsoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors are already exploiting this weakness in…
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
Ivanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unauthorized access to corporate…
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
OpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providing verified security professionals with advanced…