
Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks

By: Divya

Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to, raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when […]

The post Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public

By: Divya

Threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable […]


Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities, CVE-2025-59718 and CVE-2025-59719, discovered during internal code audits in December 2025, with exploitation attempts now documented in customer environments. The vulnerabilities stem from improper verification of cryptographic signatures in FortiCloud […]


TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability

By: Divya

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance for domains that were validated by other users. The vulnerability violated the CA/Browser Forum Baseline […]


20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict […]


76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers

By: Divya

The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD. The competition crowned Tobias Scharnowski, […]


Critical Vivotek Flaw Enables Remote Arbitrary Code Execution

By: Varshini

Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet […]


NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution

By: Varshini

NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual […]


BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records

By: Varshini

A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for […]


Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

By: Varshini

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws, CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF), enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran […]


Node.js binary-parser Library Flaw Enables Malicious Code Injection

By: Varshini

A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process […]


Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover

By: Varshini

Threat actors are actively exploiting critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited […]


GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS

By: Divya

GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends that all self-managed installations upgrade immediately, while GitLab.com has already deployed the patches. Critical Authentication […]


NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability

By: Divya

NVIDIA has released an urgent security update addressing a critical vulnerability in Nsight Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows. Vulnerability Overview: The flaw exists in NVIDIA Nsight Graphics across all Linux versions prior to […]
