Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero...
GBHackers
20 articles
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond trad...
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbi...
Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure
Multiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, co...
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers...
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administ...
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensi...
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
Next.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud cr...
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its ...
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthentica...
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
Hackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying update...
Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
A faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into con...
Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
A widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns a...
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encou...
Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites
A critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the s...
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn ...
Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution
Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user interaction....
Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑lo...
New Malware Framework Enables Screen Control and UAC Bypass
A sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are i...
Critical Exim Mailer Flaw Enables Remote Code Execution Attacks
A newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code ...