Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when […]

The post Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development across multiple frameworks and toolchains. The tool is now available on GitHub for developers working outside traditional Visual Studio or MSBuild environments. The winapp CLI targets developers using cross-platform frameworks including […]

The post Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case of the technology giant sharing encryption keys with law enforcement. The disclosure occurred after federal investigators in Guam requested access to three encrypted laptops believed to contain evidence of fraud in […]

The post Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked […]

The post Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable […]

The post Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance for domains that were validated by other users. The vulnerability violated the CA/Browser Forum Baseline […]

The post TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations. […]

The post CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports. This policy change, announced by the OpenJS Foundation, aims to reduce the growing volume of low-quality submissions that have overwhelmed the security team’s triage capacity. The […]

The post Node.js Sets New Standard for HackerOne Reports, Demands Signal of 1.0 or Higher appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD. The competition crowned Tobias Scharnowski, […]

The post 76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is launching a new security feature designed to protect Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling will roll out starting mid-February 2026, with general availability expected by late February. The new protection mechanism evaluates inbound calls from external parties to identify signs of brand impersonation […]

The post Microsoft Introduces Brand Impersonation Protection Warning for Teams Calls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends that all self-managed installations upgrade immediately, while GitLab.com has already deployed the patches. Critical Authentication […]

The post GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows. Vulnerability Overview The flaw exists in NVIDIA NSIGHT Graphics across all Linux versions prior to […]

The post NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments. Vulnerability Overview Zoom Offensive Security identified a command injection flaw in Zoom Node […]

The post Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical authentication bypass vulnerability in GNU InetUtils’ telnetd server allows remote attackers to gain root access without credentials by exploiting improper parameter sanitization. GNU InetUtils versions 1.9.3 through 2.7 contain a high-severity authentication bypass vulnerability in the telnetd server that enables unauthenticated remote attackers to achieve full system compromise. The flaw stems from insufficient […]

The post GNU InetUtils Vulnerability Exploited via “-f root” to Achieve Full System Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has released Chrome version 144.0.7559.96/.97 to the stable channel across Windows, Mac, and Linux platforms, addressing a critical race condition vulnerability in the V8 JavaScript engine. The update is rolling out gradually to users over the coming days and weeks. Security Update Details The latest stable release patches one significant security vulnerability tracked as […]

The post Chrome 144 Released to Fix High-Severity V8 JavaScript Engine Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical architectural weakness in Azure’s Private Endpoint deployments could allow both accidental and intentional denial of service (DoS) attacks against cloud resources. The vulnerability stems from how Azure’s Private DNS zone resolution interacts with hybrid networking configurations, potentially affecting over 5% of Azure storage accounts and multiple critical services. The Core Vulnerability The issue […]

The post Azure Private Endpoint Deployments Expose Cloud Resources to DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive corporate and customer data. The threat actors posted breach details on their dark web leak site on January 20, 2026, threatening public release if McDonald’s fails to respond within their specified deadline. Scope of Alleged […]

The post Everest Ransomware Group Allegedly Claims Breach of McDonald’s India Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Indian music streaming platform Raaga has become the latest victim of a significant cybersecurity incident after sensitive user data was posted for sale on a popular hacking forum in December 2025.   The breach has exposed personal information from over 10 million users, raising serious concerns about account security and the risk of identity theft.   The compromised database contains approximately […]

The post Raaga Confirms Major Data Breach Exposing Personal Information of 10.2Million Users  appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apache Airflow has patched two separate credential-exposure vulnerabilities in versions before 3.1.6.   The flaws could allow attackers to extract sensitive authentication data embedded in proxy configurations and templated workflow fields through log files and the web UI, potentially compromising network infrastructure and sensitive data pipelines.  The first vulnerability affects Apache Airflow versions before 3.1.6 and stems from […]

The post Apache Airflow Flaws Expose Sensitive Workflow Data to Potential Attackers  appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The OPNsense team has started the new year with the release of version 25.7.11, bringing a notable networking enhancement: a native host discovery service that deepens visibility into connected devices and tightens policy control across the firewall.  Native host discovery improves network visibility. The headline feature in 25.7.11 is the new host discovery service, built on the hostwatch component.  It automatically […]

The post OPNsense 25.7.11 Enhances Network Visibility With Host Discovery Feature appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.