The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer, […]

The post Lazarus Hackers Target European Drone Manufacturers in Active Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061 […]

The post PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protecting user privacy. Technical Overview According to the disclosure, the vulnerability existed in Instagram’s mobile web interface and required no authentication or follower relationship to exploit. […]

The post Instagram Investigates Reported Vulnerability Allowing Access to Private Content appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000 and comes with a guarantee that it will pass Google’s Chrome Web Store review process. […]

The post New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants.  North Korean threat actors linked to […]

The post New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of operational technology (OT) environments and affect version 14.10.4.0 and earlier, with fixes implemented in version 14.12.0000 released on July 29th, 2025. The two vulnerabilities tracked as CVE-2025-34164 and CVE-2025-34165 reside […]

The post NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has released two critical out-of-band (OOB) security patches targeting widespread issues affecting Windows 11 users following January’s monthly security updates. The emergency patches, KB5078127 and KB5078132, address severe file system failures and application crashes that emerged after the January 13 security release. The primary culprit behind these issues is unexpected complications introduced by KB5073455 […]

The post Microsoft Issues KB5078127 OOB Patch After Reports of Outlook Freezing and File System Instability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,” weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems.​ The campaign begins with targeted […]

The post SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A moderate out-of-bounds write vulnerability in Apache Hadoop’s HDFS native client that could allow attackers to trigger system crashes or cause data corruption in production environments.  The flaw, identified as CVE-2025-27821, affects the native HDFS client’s URI parser and has been assigned moderate severity by Apache. The vulnerability was discovered and reported by security researcher […]

The post Apache Hadoop Flaw Could Trigger System Crashes or Data Corruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but […]

The post New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when […]

The post Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development across multiple frameworks and toolchains. The tool is now available on GitHub for developers working outside traditional Visual Studio or MSBuild environments. The winapp CLI targets developers using cross-platform frameworks including […]

The post Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case of the technology giant sharing encryption keys with law enforcement. The disclosure occurred after federal investigators in Guam requested access to three encrypted laptops believed to contain evidence of fraud in […]

The post Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked […]

The post Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable […]

The post Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In 2026, data has become the most valuable asset for businesses and the most targeted. With rising ransomware attacks, insider threats, AI-driven breaches, and strict global data protection regulations, organizations can no longer rely on basic security controls. This has fueled massive demand for advanced data security companies that can protect sensitive information across cloud, […]

The post Top 10 World’s Best Data Security Companies in 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities CVE-2025-59718 and CVE-2025-59719 discovered during internal code audits in December 2025, with exploitation attempts now documented in customer environments. The vulnerabilities stem from improper verification of cryptographic signatures in FortiCloud […]

The post Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance for domains that were validated by other users. The vulnerability violated the CA/Browser Forum Baseline […]

The post TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions […]

The post Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers to create administrator accounts and achieve complete site compromise. The function fails to properly restrict […]

The post 20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.