1010.cx – cybersecurity / defense / intelligence

Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026

·

cyber security, Cyber Security News, Microsoft, Windows

The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 unique zero-day exploits, earning a total of $523,000 in rewards, according to Trend […]

The post Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA

·

cyber security, Cyber Security News, Phishing

A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their […]

The post Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and raises concerns for organizations that rely on Java-based database connectivity. Redshift JDBC Driver Flaws The […]

The post Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Multiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain unpatched. Organizations running Internet‑facing cPanel instances are urged to update immediately, as at least one of the issues is already […]

The post Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

·

Chrome, CVE/vulnerability, cyber security, Cyber Security News, Google, Vulnerabilities, vulnerability

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest […]

The post Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access

·

Cisco, CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracked as CVE-2026-20182, carries a maximum CVSS score of 10.0 and affects Cisco Catalyst SD-WAN Controller (vSmart) and […]

The post Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials

·

cyber security, Cyber Security News

A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted build and release workflows instead of end-user systems. By injecting malicious code into CI/CD pipelines, attackers leverage […]

The post TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Next.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-44578, exposes a critical weakness in how certain server-side deployments handle WebSocket upgrade requests. Next.js Security Flaw The […]

The post Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

·

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. “

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture

·

cyber security, Cyber Security News, Malware

Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified as a traditional backdoor, Kazuar has steadily transformed into a sophisticated ecosystem that prioritizes resilience, low visibility, and flexible […]

The post Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶