1010.cx – Page 36 – cybersecurity / defense / intelligence

Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs

·

Chrome, CVE/vulnerability, cyber security, Cyber Security News, Google, Vulnerabilities, vulnerability

Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU, […]

The post Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse

·

Cyber Attack, cybersecurity, Data Breaches, FACEBOOK, Instagram, Maine, Meta, Privacy, Security, Social Media, vulnerability

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
OWASP Unveils AI Security Report Highlighting New Tools for Security Teams

·

cyber security, Cyber Security News, OWASP – Top 10

OWASP has released a new edition of its AI security report, “State of Agentic AI Security and Governance v2.01,” giving security teams a concrete playbook for defending autonomous AI agents and the expanding ecosystem of tools they rely on. Positioned within the OWASP GenAI Security Project, the report shifts AI security conversations from hypothetical threat […]

The post OWASP Unveils AI Security Report Highlighting New Tools for Security Teams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE

·

cyber security, Cyber Security News, internet, vulnerability

Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE, the Trident engine and WebBrowser ActiveX control remain embedded in numerous Windows applications built with […]

The post Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

·

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users

·

cybersecurity, FACEBOOK, Glitch, Instagram, Mark Zuckerberg, Meta, Privacy, Security, Social Media, vulnerability

Instagram glitch exposed Mark Zuckerberg’s email addresses and phone number, plus contact details of other top users, through a password reset flaw.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework

·

cyber security, Cyber Security News, IIS

A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512 compromised an Internet Information Services (IIS) server and deployed a custom web shell framework built to evade signature-based detection. Each web shell instance is cryptographically unique, restricts access with layered encryption, […]

The post China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens

·

cyber security, Cyber Security News

A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple packed executable but a Lucid-branded information stealer and RAT wrapped inside a legitimate Node.js Single Executable Application (SEA). Static analysis recovered an embedded JavaScript loader and decrypted core […]

The post Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF) condition in the replication subsystem. Discovered by security researcher Yoni Sherez during the ZeroDay. In the Cloud 2025 competition, the flaw demonstrates how Redis’s internal Lua execution model and replication logic […]

The post Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Instagram Patches Account Recovery Flaw Leaking User Contact Information

·

CVE/vulnerability, cyber security, Cyber Security News, Instagram, vulnerability

A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta rapidly patched it on June 6, 2026. The vulnerability, which affected the platform’s password reset interface, allowed any unauthenticated user to initiate a standard recovery request for a target username and […]

The post Instagram Patches Account Recovery Flaw Leaking User Contact Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶