An analysis of the Gentlemen ransomware-as-a-service (RaaS) operation has revealed a sophisticated, centralized approach to neutralizing endpoint detection and response (EDR) solutions. This unified defense evasion framework sets the group apart in an increasingly crowded ransomware landscape, significantly lowering the…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
AutoJack Exploit Chain Hits Microsoft AutoGen Studio With Zero-Click RCE Attack
A critical exploit chain dubbed AutoJack allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and silently execute arbitrary code on the host machine, requiring no user interaction beyond submitting a URL. AutoJack targets AutoGen Studio, Microsoft Research’s…
Critical Chrome Extension Vulnerabilities Let Attackers Easily Compromise Browsers
Critical security flaws in widely used Chrome extensions expose millions of users to the risk of full browser compromise. The vulnerabilities, named “MaXSS” and “Spyder,” affect popular AI-powered extensions SiderAI and MaxAI, which together have more than 10 million…
Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one million installations. Identified as CVE-2026-8713…
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX). This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a…
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce surface. Okendo’s client-facing review widget is deployed by more than 18,000 brands and commonly appears on…
CISA Issues Alert on Critical Splunk Enterprise Bug Under Active Exploitation
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation. The flaw, categorized under CWE-306 (Missing Authentication for…
HazyBeacon Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create covert command-and-control (C2) channels, marking a significant evolution in attacker tactics. According to recent Qualys research, the campaign…
Node.js Releases Security Updates for 12 Vulnerabilities, Two Rated High Severity
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service (DoS) conditions and authentication bypass. These updates, released on June 18, 2026, affect Node.js versions 22.x,…
INC Ransomware Uses Double Extortion and Printer Ransom Notes to Pressure Victims
INC has matured from an emerging RaaS operation into one of 2026’s most active ransomware families, claiming more than 800 victims since 2023 and capitalizing on disruption among competitors to expand its affiliate base. The group’s recent campaigns demonstrate both…
Showboat Malware Uses Pastebin-Hosted C Code to Enable Linux Process Hiding
Showboat is a previously undocumented, modular Linux post‑exploitation framework that demonstrates sophisticated stealth techniques, most notably fetching and compiling C code hosted on Pastebin to hide processes at runtime. Active since mid‑2022 and aimed at AMD x86‑64 Linux hosts, Showboat remained undetected…
New Crypto Clipper Uses Windows Script Host and ActiveXObject for Remote Code Execution
A novel Windows-based cryptocurrency clipper has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to achieve remote code execution and persistent, high-frequency data theft. The campaign stands out because it avoids traditional installers…
iPhone BootROM Vulnerability Opens Door to Full Apple SoC Trust Chain Compromise
A recently disclosed iPhone BootROM vulnerability, dubbed “usbliter8,” highlights a significant flaw in Apple’s SecureROM implementation. This vulnerability allows attackers to compromise the entire trust chain of the Application Processor (AP) on affected devices. Research published by Paradigm Shift on…
Hackers Exploit Klue Integration to Steal Salesforce CRM Data Using OAuth Tokens
Hackers are actively exploiting a compromised Klue Battlecards integration to extract sensitive Salesforce CRM data by abusing OAuth tokens, according to new research published by ReliaQuest on June 17, 2026. This campaign highlights a growing trend in which attackers use…
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this…
State Digital Surveillance Puts Foreign Travelers and Businesses at Risk Across 31 Countries
A new state-surveillance assessment finds that foreign travelers and business staff face high or very high digital risk in 31 countries, where governments increasingly use telecom interception, spyware, AI-enabled monitoring, and data aggregation with little meaningful oversight. The concern is…
F5 Patches NGINX Vulnerability Enabling Code Execution and DoS Attacks
F5 has released an out-of-band security notification addressing multiple high‑severity vulnerabilities in NGINX components that can enable remote code execution (RCE) and denial‑of‑service (DoS) attacks in certain configurations, urging customers to patch or upgrade affected deployments immediately. On June 17,…
Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT
A sophisticated malvertising and social-engineering campaign pivoted from weaponized GitLab Pages to abusing claude.ai’s shared chat feature, enabling operators to deliver an in-memory remote-access trojan (RAT) via a China-themed loader chain. Across seven weeks (April 8–June 14, 2026) investigators…
AWS Launches Continuum to Detect and Fix Code Vulnerabilities at Machine Speed
AWS has introduced “Continuum,” a new security capability designed to detect, validate, and remediate code vulnerabilities at machine speed, signaling a shift away from traditional telemetry-heavy security models toward automated, context-driven remediation. Announced on June 17, 2026, in a gated…
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CVSS score of 5.3, affects…