1010.cx – Page 33 – cybersecurity / defense / intelligence

Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity

·

cyber security, Cyber Security News, Microsoft

Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with delegated user privileges and perform potentially risky actions, such as sending external emails. In the examined incident an email with subject “Here is your invoice” was recorded in Exchange Purview as […]

The post Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

·

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

·

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. “The compromised releases shipped a *-setup.pth file that attempts to execute automatically

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges

·

CVE/vulnerability, cyber security, Cyber Security News, Linux, vulnerability

A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the nftables subsystem. The vulnerability, patched upstream on February 5, 2026, affects the netfilter framework, specifically nftables, which is widely used for packet filtering, NAT, and firewall rule management across modern Linux […]

The post Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026

·

Cyber Security News, Top 10

In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of IoT devices, the old “castle-and-moat” security model where everything inside the network is trusted by default is no longer viable. This outdated approach leaves organizations vulnerable to sophisticated attacks, including lateral […]

The post Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group

·

cyber security, Cyber Security News, WhatsApp

WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against the company for allegedly violating a U.S. court injunction. The disclosure highlights NSO’s continued efforts to target users despite a landmark 2025 ruling that permanently barred the firm from accessing WhatsApp’s […]

The post WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts

·

cyber security, Cyber Security News, Malware

Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering marketed through SEO poisoning,YouTube promotion and counterfeit Minecraft mod websites. By combining polished distribution tactics […]

The post Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

·

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
NFCShare Android Malware Spreads via Weaponized Banking Apps

·

Android, cyber security, Cyber Security News, Malware

A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social‑engineering phishing flow that coerces victims into sideloading malicious APKs; since 14 May 2026 the campaign has pivoted to Italian and […]

The post NFCShare Android Malware Spreads via Weaponized Banking Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Top 10 Best Software Composition Analysis (SCA) Services 2026

·

Cyber Security News, Top 10

In 2026, the foundation of nearly every modern application is built on open-source components. While this accelerates development and fosters innovation, it also introduces a significant attack surface. A single vulnerability in a widely-used open-source library can expose countless applications to risk, as demonstrated by past high-profile incidents. The need for robust Software Composition Analysis […]

The post Top 10 Best Software Composition Analysis (SCA) Services 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶