1010.cx – Page 49 – cybersecurity / defense / intelligence

HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora

·

cyber security, Cyber Security News

A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Overview of the HTTP/2 Bomb Attack Security researcher Quang Luong, working with the Codex team, uncovered a novel exploitation technique that […]

The post HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

·

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems

·

Cyber Attack, cyber security, Cyber Security News

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, Department of Energy, EPA, TSA, Department of Transportation, and USDA, has issued a joint warning about ongoing cyberattacks targeting automatic tank gauge (ATG) systems across the United States. These systems are critical components used in energy, chemical, food and agriculture, and transportation sectors to […]

The post CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Laravel CRLF Injection Flaw Could Disrupt Outbound Email Handling

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A high-severity vulnerability in the Laravel framework could allow attackers to manipulate outbound email processing, potentially leading to unauthorized message delivery, data exposure, or the abuse of mail relays. The issue, tracked as CVE-2026-48019, stems from improper neutralization of CRLF (Carriage Return Line Feed) sequences in Laravel’s default email validation logic. The vulnerability is documented […]

The post Laravel CRLF Injection Flaw Could Disrupt Outbound Email Handling appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks

·

cyber security, Cyber Security News

Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js attachment masquerading as a purchase order, quotation, or business proposal, and it encourages staff in […]

The post Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
1-Click GitHub Vulnerability Enables OAuth Token Theft

·

cyber security, Cyber Security News, GitHub, vulnerability

A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle keyboard events and message passing, enabling a malicious repository to execute attacker-controlled actions inside the […]

The post 1-Click GitHub Vulnerability Enables OAuth Token Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
50+ Malicious Chrome Extensions Hit 30K Users

·

Chrome, cyber security, Cyber Security News

50+ malicious Chrome extensions posing as “live wallpaper” utilities have been caught running an adware operation that hijacks browser behavior and quietly pushes remote HTML content to around 30,000 users. These extensions were distributed through at least three publisher accounts and made available via the Chrome Web Store and third‑party download portals that advertised animated […]

The post 50+ Malicious Chrome Extensions Hit 30K Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

·

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Spread WeedHack Malware via YouTube and SEO Poisoning

·

cyber security, Cyber Security News, Malware, Youtube

Hackers are increasingly abusing trusted platforms like YouTube and search engines to distribute malware, and a newly uncovered campaign targeting Minecraft players highlights how effective this tactic has become. Minecraft, originally released in 2011 by Mojang Studios, remains the best-selling video game globally with more than 350 million copies sold. Its open ecosystem, which supports […]

The post Hackers Spread WeedHack Malware via YouTube and SEO Poisoning appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability

·

cyber security, Cyber Security News, Microsoft

Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security issue, despite a proof-of-concept exploit demonstrating remote code execution (RCE). Security researcher Wahid Fayad identified the issue while analyzing JavaScript assets served via portal.azure.com. The investigation revealed an internal Node.js dependency, FxInternal/NetDiagnostics, that was not […]

The post Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶