1010.cx – Page 42 – cybersecurity / defense / intelligence

RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal

·

cyber security, Cyber Security News

Threat actors are abusing a new Linux-based toolkit dubbed RingH23 to silently compromise MacCMS-based video sites and hijack CDN infrastructure at scale, redirecting millions of users to gambling, pornography, and fraud platforms. Evidence shows Funnull has re-emerged with a fully owned attack framework that no longer parasitizes public CDNs, but actively compromises CDN nodes and […]

The post RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

·

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form of two different

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks

·

cyber security, Cyber Security News

Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large‑scale digital asset theft. The intrusions show a full kill chain from initial access via the React2Shell vulnerability (CVE‑2025‑55182) to deep AWS and Kubernetes reconnaissance and exfiltration of proprietary […]

The post DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Where Multi-Factor Authentication Stops and Credential Abuse Starts

·

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage. Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS score of 10.0 and requires nothing more than the server’s public RSA key to successfully exploit. Their automated tools and security engineers found […]

The post Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

·

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning border crossing appeals

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Top 10 Best Cybersecurity Marketing Agencies to Watch in 2026

·

Top 10

As the digital threat landscape continues to evolve rapidly, the marketplace for security solutions has become fiercely congested. For B2B vendors, whether you are selling enterprise Zero Trust architecture, dark web monitoring tools, or consumer-grade privacy software, standing out requires more than just a superior technical product. You need to capture the attention of CISOs, […]

The post Top 10 Best Cybersecurity Marketing Agencies to Watch in 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts

·

cyber security, Cyber Security News, Malware

A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit […]

The post ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities

·

Chrome, cyber security, Cyber Security News, Google

Google released an urgent security update for its Chrome browser to address 10 vulnerabilities. Deployed on March 3, 2026, this stable channel update fixes three critical flaws and seven high-severity issues. The emergency patch protects users from potential exploits that could allow attackers to execute arbitrary code or compromise affected systems. The Chrome update is […]

The post Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cisco Secure Firewall Management Flaw Allows Remote Code Execution

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Cisco recently disclosed a critical security vulnerability affecting its Secure Firewall Management Centre (FMC) software. This severe flaw carries a maximum severity score of 10.0 and allows unauthenticated, remote attackers to execute arbitrary code with root privileges. CVE ID CVSS Score Vulnerability Type CWE CVE-2026-20131 10.0 (Critical) Remote Code Execution CWE-502 The root cause of […]

The post Cisco Secure Firewall Management Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶