Yesterday — 24 January 2026

Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public

By: Divya
24 January 2026 at 00:58

Threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable […]

The post Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Before yesterday

TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability

By: Divya
23 January 2026 at 08:18

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance for domains that were validated by other users. The vulnerability violated the CA/Browser Forum Baseline […]

76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers

By: Divya
23 January 2026 at 06:13

The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD. The competition crowned Tobias Scharnowski, […]

Critical Vivotek Flaw Enables Remote Arbitrary Code Execution

By: Varshini
22 January 2026 at 08:27

Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet […]

NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution

By: Varshini
22 January 2026 at 08:26

NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual […]

BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records

By: Varshini
22 January 2026 at 08:19

A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for […]

Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

By: Varshini
22 January 2026 at 06:59

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran […]

Node.js binary-parser Library Flaw Enables Malicious Code Injection

By: Varshini
22 January 2026 at 06:56

A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process […]

GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS

By: Divya
21 January 2026 at 08:07

GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends that all self-managed installations upgrade immediately, while GitLab.com has already deployed the patches. Critical Authentication […]

NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability

By: Divya
21 January 2026 at 07:41

NVIDIA has released an urgent security update addressing a critical vulnerability in Nsight Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows.

Vulnerability Overview

The flaw exists in NVIDIA Nsight Graphics across all Linux versions prior to […]

Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection

By: Divya
21 January 2026 at 05:38

A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments.

Vulnerability Overview

Zoom Offensive Security identified a command injection flaw in Zoom Node […]

GNU InetUtils Vulnerability Exploited via “-f root” to Achieve Full System Control

By: Divya
21 January 2026 at 05:23

A critical authentication bypass vulnerability in GNU InetUtils’ telnetd server allows remote attackers to gain root access without credentials by exploiting improper parameter sanitization. GNU InetUtils versions 1.9.3 through 2.7 contain a high-severity authentication bypass vulnerability in the telnetd server that enables unauthenticated remote attackers to achieve full system compromise. The flaw stems from insufficient […]

Chrome 144 Released to Fix High-Severity V8 JavaScript Engine Flaw

By: Divya
21 January 2026 at 00:48

Google has released Chrome version 144.0.7559.96/.97 to the stable channel across Windows, Mac, and Linux platforms, addressing a critical race condition vulnerability in the V8 JavaScript engine. The update is rolling out gradually to users over the coming days and weeks.

Security Update Details

The latest stable release patches one significant security vulnerability tracked as […]

Apache Airflow Flaws Expose Sensitive Workflow Data to Potential Attackers 

By: Divya
20 January 2026 at 07:45

Apache Airflow has patched two separate credential-exposure vulnerabilities in versions before 3.1.6. The flaws could allow attackers to extract sensitive authentication data embedded in proxy configurations and templated workflow fields through log files and the web UI, potentially compromising network infrastructure and sensitive data pipelines. The first vulnerability affects Apache Airflow versions before 3.1.6 and stems from […]

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol

By: Divya
20 January 2026 at 04:49

An open-source Android application has been released to identify and test devices vulnerable to CVE-2025-36911, a critical authentication bypass flaw in Google’s Fast Pair Bluetooth protocol. The vulnerability, commonly referred to as WhisperPair, affects millions of Bluetooth audio devices worldwide, enabling unauthorised pairing and potentially granting access to microphones without user consent. CVE-2025-36911 represents a significant cryptographic weakness […]

TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism 

By: Divya
20 January 2026 at 03:16

TP-Link has disclosed a high-severity authentication bypass vulnerability affecting its VIGI security camera lineup, allowing attackers on local networks to reset administrator passwords without verification. The flaw lies in the password recovery feature of the local web interface, which is exploited via client-side state manipulation. The vulnerability (CVE-2026-0629) enables threat actors positioned on the same local area network (LAN) to gain […]

WhisperPair Vulnerability Allows Attackers to Pair Devices Without User Consent 

By: Divya
20 January 2026 at 01:32

Google’s Fast Pair technology has revolutionised Bluetooth connectivity, enabling seamless one-tap pairing across supported accessories and account synchronisation for millions of users. However, a critical vulnerability discovered in flagship audio accessories threatens the security of hundreds of millions of devices.

Attribute | Details
Vulnerability Name | WhisperPair – Unauthorized Device Pairing Without User Consent
CVE Identifier | CVE-2025-36911
Severity Rating | Critical
[…]

Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges

By: Divya
20 January 2026 at 00:15

AVEVA has disclosed seven critical and high-severity vulnerabilities in its Process Optimization software (formerly ROMeo) that could enable attackers to execute remote code with SYSTEM privileges and completely compromise industrial control systems. The security bulletin, published on January 13, 2026, affects AVEVA Process Optimization version 2024.1 and all prior versions. The most severe vulnerability, tracked […]

Google Gemini Flaw Allows Access to Private Meeting Details Through Calendar Events

By: Divya
20 January 2026 at 00:13

A harmless-looking Google Calendar invite has revealed a new frontier in the exploitation of artificial intelligence (AI). Security researchers at Miggo discovered a vulnerability in Google Gemini’s integration with Google Calendar that allowed attackers to bypass privacy controls and exfiltrate sensitive meeting data without any user interaction. Gemini, Google’s AI assistant, interacts with Calendar to help users […]

Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host

By: Divya
19 January 2026 at 23:50

A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely circumvent customer-configured WAF rules designed to block unauthorized traffic. The Hidden Backdoor in Certificate Validation […]
