-
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry every Mac user. Attackers build fake download pages for popular apps (WeChat, Miro and others) and employ an automated ClickFix technique that opens Apple’s Script Editor preloaded with malicious code. One […]
The post New SHub Stealer Variant Targets Major Browsers and Crypto Wallets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mixed networks of Linux, Windows, and IoT devices while parasitically hijacking GPU compute for their own reasoning. Instead of shipping with a fixed exploit toolkit, this new class of AI-driven malware uses an embedded […]
The post AI-Powered Worm Leverages Stolen Compute to Target Linux, Windows, and IoT Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Taxonomy of Failure Modes in Agentic AI Systems v2.0 published in April 2026, the field received more than a classification update: it got operational guidance grounded in a year of real-world red teaming that exposed how quickly agentic AI systems transform classical threat surfaces into new, high-impact attack vectors. The headline finding from those engagements […]
The post Zero-Click Agentic AI Attack Bypasses Human Oversight appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning organizations about the active exploitation of a Linux kernel vulnerability tracked as CVE-2022-0492. The flaw, categorized as an improper authentication issue, affects Linux systems using the cgroups v1 release_agent feature and can allow attackers to escalate privileges within compromised environments. Linux […]
The post CISA Issues Alert on Actively Exploited Linux Kernel Security Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take over real accounts. It is an obvious target. More than
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root-level privileges on affected systems. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and is caused by improper input validation (CWE-116) within the command-line interface of […]
The post Cisco SD-WAN Security Flaw Actively Exploited for Root-Level Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Let’s Encrypt has unveiled a new approach to securing the web against future quantum threats: Merkle Tree Certificates (MTCs), a post-quantum–ready certificate model designed to maintain the speed and reliability of today’s TLS ecosystem. As the industry moves closer to the reality of cryptographically relevant quantum computers (CRQCs), the focus is shifting beyond encryption to […]
The post Let’s Encrypt Introduces Merkle Tree Certificates for Post-Quantum Web Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated typosquatting attack targeting Python developers through a malicious package named “parsimonius” on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library, a well-known tool for building recursive descent parsers in Python, by altering just a single character in the package name. The attack exemplifies a […]
The post Malicious Python Package Mimics Parsimonious Parser appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine […]
The post Chinese APT VerdantBamboo Targets Appliances with BRICKSTORM Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
