1010.cx – cybersecurity / defense / intelligence

OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security

·

cyber security, Cyber Security News, OpenAI, vulnerability

OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in April 2026, the action plan outlines five core pillars to democratize advanced defensive capabilities and build lasting national resilience. Five Pillars for […]

The post OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability, Zero-Day

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session […]

The post Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack user sessions. All vulnerabilities were responsibly disclosed through the Jenkins Bug Bounty Program, which the […]

The post Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery

·

cyber security, Cyber Security News, vulnerability, Word press, Wordpress

A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism. On every page viewed by a logged-out user, the plugin connected to a third-party server […]

The post Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Qinglong Task Scheduler RCE Flaws Exploited in the Wild

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Hackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With […]

The post Qinglong Task Scheduler RCE Flaws Exploited in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

·

cybersecurity, Kernel, Linux, Security, Theori, vulnerability, Xint Code

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

·

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets

·

cyber security, Cyber Security News

Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious pre-install scripts that execute silently during dependency installation. By leveraging a multi-stage payload, the […]

The post Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls

·

CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files, and intentionally crash critical firewall infrastructure. The most severe of the three bugs carries a high-severity score, […]

The post SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue was found in ProFTPD’s mod_sql extension by ZeroPath Research, and MITRE assigned it a CVSS […]

The post ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶