1010.cx – Page 48 – cybersecurity / defense / intelligence

Critical Apache ActiveMQ Vulnerability Exposes Systems to Security Header Injection Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

Apache ActiveMQ users are being urged to apply immediate patches following the disclosure of a critical vulnerability, CVE-2026-42253, that enables HTTP response header injection via improperly handled JMS message properties. The flaw affects both Apache ActiveMQ and ActiveMQ Web components. It has been rated with “important” severity by the Apache Software Foundation. CVE-2026-42253: HTTP Response […]

The post Critical Apache ActiveMQ Vulnerability Exposes Systems to Security Header Injection Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

·

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

·

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft

·

Alcasec, Cyber Attack, Cyber Crime, cybersecurity, Dark Web, Spain, Udyat

Alcasec, the “Robin Hood of Spanish Hackers,” is jailed for 31 months after admitting to stealing and selling Spanish citizens’ banking data.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
38% of GitHub Actions Workflows Exposed to Script Injection Risks

·

cyber security, Cyber Security News, GitHub

Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in development pipelines by automating build, test, and deployment tasks through YAML-defined workflows and reusable actions. These workflows often run with […]

The post 38% of GitHub Actions Workflows Exposed to Script Injection Risks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Ivanti has patched a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow authenticated attackers to escalate privileges and gain full administrative access to affected systems. Tracked as CVE-2026-9614, the flaw is classified as an improper access control issue (CWE-284) and carries a CVSS score of 8.8. The vulnerability affects both cloud […]

The post Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise

·

AI, cyber security, Cyber Security News

A threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test. Sophos investigation revealed a collection of malicious components forming a structured post-exploitation framework designed to […]

The post Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

·

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability that could expose

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications

·

AWS, cyber security, Cyber Security News

A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to […]

The post HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability, Windows

Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability Security researchers from Huntress have identified that the Windows search URI handler improperly processes user-supplied parameters, allowing attackers to coerce […]

The post Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶