1010.cx – cybersecurity / defense / intelligence

New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA versions 2.2.7 and 2.1.12. Apache MINA is a widely used framework for building high-performance network […]

The post New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks

·

cyber security, Cyber Security News, Ransomware

The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being misused in ransomware-as-a-service (RaaS) operations. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas, […]

The post DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming that malicious actors are actively abusing it in real-world attacks. […]

The post CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
cPanel Vulnerability Exploited to Compromise Government and Military Servers

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerability to compromise government and military organizations across Southeast Asia. The attackers managed to weaponize publicly available exploit code just days […]

The post cPanel Vulnerability Exploited to Compromise Government and Military Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Attackers Hijack SAP npm Packages to Steal Dev Secrets

·

cyber security, Cyber Security News

A sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime a legitimate alternative to Node.js during the npm install process. This technique bypasses Node.js-based security monitoring by executing an 11.6 MB […]

The post Attackers Hijack SAP npm Packages to Steal Dev Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
AI-Powered Threat Actors Accelerate 0-Day Discovery at Machine Speed

·

AI, cyber security, Cyber Security News

Threat actors are already using AI models as autonomous operators to discover and exploit 0‑days in minutes, thereby collapsing the time and cost required to run complex intrusion campaigns. This shift, first clearly visible in late 2025 operations, is forcing defenders to rethink detection, containment, and even how they define insider risk. Until 2025, attackers […]

The post AI-Powered Threat Actors Accelerate 0-Day Discovery at Machine Speed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge

·

cyber security, Cyber Security News, Phishing

Email bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after, threat actors initiate contact via Microsoft Teams, impersonating internal IT support or helpdesk personnel. Posing […]

The post Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
MOVEit Authentication Bypass Vulnerability Sparks Security Concerns

·

CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

Progress Software has issued a critical security alert for its MOVEit Automation software. Two severe vulnerabilities have been discovered that could allow attackers to bypass authentication and escalate their privileges. Because of the critical nature of these flaws, administrators are urged to apply the latest security patches immediately to prevent unauthorized access and data exposure. […]

The post MOVEit Authentication Bypass Vulnerability Sparks Security Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
FreeBSD Systems at Risk From DHCP Client RCE Vulnerability

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

The FreeBSD Project has issued a critical security advisory (FreeBSD-SA-26:12.dhclient) to address a severe Remote Code Execution (RCE) vulnerability in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this flaw allows local network attackers to execute arbitrary code with root privileges. Discovered by Joshua Rogers of the AISLE Research Team, the vulnerability affects all supported […]

The post FreeBSD Systems at Risk From DHCP Client RCE Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Trellix Source Code Breach Exposes Repository to Unauthorized Access

·

cyber security, Cyber Security News, Data Breach

Leading cybersecurity firm Trellix has announced a security incident involving unauthorized access to a portion of its source code repository. The breach highlights a growing trend of threat actors targeting top-tier security vendors to uncover potential software vulnerabilities. The Breach and Immediate Response In a recent public statement, Trellix confirmed that a threat actor had […]

The post Trellix Source Code Breach Exposes Repository to Unauthorized Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶