Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought....
GBHackers
20 articles
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks
Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised device...
LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenti...
Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws
Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could a...
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to ...
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across...
Claude Mythos Preview Discovers 10,000+ 0-Days in Glasswing
Anthropic has published an update on Project Glasswing, its collaborative AI-powered vulnerability discovery initiative launched last month, revealing that C...
Hackers Exploit Middle East Telecoms for Massive C2 Operations
Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure...
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybers...
World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat...
Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access
Russian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain com...
CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
The U.S.
Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering‑hole site deli...
Hackers Use Six-Layer Persistence on FreePBX Systems
Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confiden...
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities
CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Know...
Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT
Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign...
Android Malware Secretly Signs Users Up for Premium Services
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The m...
Google API Key Issue Allows Deleted Keys to Retain Access to Cloud Services
Google Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain ...
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt S...
FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins
The U.S.