Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on Day One’s momentum, teams demonstrated 37 unique zero-day vulnerabilities, earning over $516,500 in bounties. The Zero Day Initiative (ZDI) event highlights critical flaws in vehicle tech, from command injections to buffer […]

The post Pwn2Own Automotive 2026: Researchers Score $516,500 For 37 Unique Zero-Days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet […]

The post Critical Vivotek Flaw Enables Remote Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual […]

The post NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for […]

The post BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multiple Cisco Unified Communications products, including Unified CM, Unified CM Session Management Edition (SME), Unified CM IM & Presence Service, Cisco […]

The post Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran […]

The post Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process […]

The post Node.js binary-parser Library Flaw Enables Malicious Code Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited […]

The post Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Communications Manager IM & Presence Service (IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. Tracked as CVE-2026-20045, the vulnerability carries […]

The post Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Promptware Kill Chain is a new five-step model that explains how attacks against AI systems powered by large language models (LLMs) behave more like full malware campaigns than one-off “prompt injection” tricks. It treats malicious prompts and poisoned content as a distinct type of malware, called promptware, and maps how these attacks move from initial access […]

The post Promptware Kill Chain – Five-step Kill Chain Model For Analyzing Cyberthreats appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed critical vulnerability in Cal.com, an open-source scheduling and booking platform, could allow attackers to bypass authentication and gain full access to any user account. The flaw, identified by GitHub researcher pedroccastro and tracked as GHSA-7hg4-x4pr-3hrg, affects Cal.com versions 3.1.6 through 6.0.6. The issue has been patched in version 6.0.7, with hosted Cal.com instances reportedly secured immediately after discovery. Authentication […]

The post Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack Any User Account appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has published details of CVE-2026-20824 as a security feature bypass vulnerability in Windows Remote Assistance, assigning it an “Important” severity rating with a CVSS v3.1 base score of 5.5 (temporal 4.8). The issue is categorized under CWE-693 (Protection Mechanism Failure), meaning core defensive checks do not work as intended under specific conditions.​ The flaw is local […]

The post Windows Remote Assistance Vulnerability Allow attacker To bypass Security Features appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft, in collaboration with U.S. and U.K. authorities, has announced a major international operation that dismantled RedVDS, a cybercrime‑as‑a‑service platform linked to large‑scale business email compromise (BEC) and AI‑powered fraud schemes. The joint action supported by German authorities and Europol has seized key domains and servers running the RedVDS marketplace, cutting off criminals’ access to […]

The post Microsoft and Authorities Dismatles BEC Attack Chain Powered By RedVDS Fraud Engine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Palo Alto Networks has released security updates to address a high‑severity denial-of-service (DoS) vulnerability in PAN-OS that could allow unauthenticated attackers to repeatedly crash firewalls configured with GlobalProtect, forcing them into maintenance mode and disrupting network availability. The flaw, tracked as CVE-2026-0227, carries a CVSS Base score of 8.7 and affects both on‑premises PAN-OS next-generation […]

The post Palo Alto Networks Firewall Vulnerability Allows Attackers To Trigger Denial Of Service appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HPE has released security patches for multiple high-severity vulnerabilities in HPE Networking Instant On devices that could expose internal VLAN configuration data and allow remote attackers to disrupt wireless networks or gain unauthorized insight into sensitive network information. The flaws affect Instant On access points and 1930 switches running software version 3.3.1.0 and below, with […]

The post HPE Aruba Vulnerabilities Enables Unauthorized Access To Sensitive Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese infrastructure is currently hosting more than 18,000 active command‑and‑control (C2) servers across 48 providers, with activity heavily concentrated on a handful of major telecom and cloud networks in China. This dense clustering of malware, phishing, and APT tooling on shared infrastructure shows why host‑centric telemetry is becoming critical for threat hunting, as indicator‑based approaches […]

The post Chinese Hackers Control 18,000 Active Servers Across 48 Hosting Providers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.