1010.cx – Page 66 – cybersecurity / defense / intelligence

BTMOB Malware Allows Cybercriminals to Remotely Hijack Android Phones

·

Android, cyber security, Cyber Security News, Malware

A newly observed Android malware strain, known as BTMOB, is raising concerns among cybersecurity researchers due to its powerful remote access capabilities and ease of deployment. Initially identified in early 2025, BTMOB has evolved into a full-featured remote access trojan (RAT) that allows attackers to take near-complete control of infected devices. Unlike traditional banking trojans […]

The post BTMOB Malware Allows Cybercriminals to Remotely Hijack Android Phones appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters

·

cyber security, Cyber Security News, Windows

A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel memory and reliably escalate to SYSTEM on Windows 11 24H2–25H2. The bug sits in ntoskrnl.exe inside ExpGetProcessInformation, reachable via a single NtQuerySystemInformation call with information class 253. Windows Kernel Vulnerability CVE-2026-40369 is described as an untrusted pointer dereference in the Windows […]

The post Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
GitHub Enterprise Server 3.20.3 Addresses Critical Security Flaws

·

CVE/vulnerability, cyber security, Cyber Security News, GitHub, vulnerability

GitHub has released Enterprise Server (GHES) version 3.20.3, addressing multiple critical and high-severity vulnerabilities that could allow attackers to access internal services, escalate privileges, and extract sensitive data. The update, published on May 26, 2026, also introduces an important security change requiring administrators to rotate cryptographic signing keys before applying the patch. The most severe […]

The post GitHub Enterprise Server 3.20.3 Addresses Critical Security Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Gitea Vulnerability Exposes Private Container Images without Authentication

·

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

·

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New Zero-Click WhatsApp Account Takeover Attack Targets iOS 16 Users

·

cyber security, Cyber Security News, WhatsApp, Zero-Day

A newly uncovered zero-click attack targets iPhone users running iOS 16, allowing threat actors to hijack WhatsApp accounts without any user interaction, visible prompts, or warnings about linked devices. The campaign was first documented by Italian digital forensics firm Forenser, after multiple users reported that their WhatsApp accounts were sending fraudulent money requests to recent […]

The post New Zero-Click WhatsApp Account Takeover Attack Targets iOS 16 Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Exploit Shared CDN Edge IPs to Evade Protective DNS Filtering

·

cyber security, Cyber Security News

Hackers are exploiting shared CDN edge infrastructure to bypass DNS-based security controls, according to new research from ADAMnetworks, which details a stealthy evasion technique dubbed “Underminr.” The core issue lies in how content delivery networks (CDNs) route traffic across shared edge IP addresses. In this attack, a device performs a legitimate DNS lookup for a […]

The post Hackers Exploit Shared CDN Edge IPs to Evade Protective DNS Filtering appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Anthropic Launches Free Claude Code Terminal Plugin to Detect Security Vulnerabilities

·

AI, cyber security, Cyber Security News

Anthropic has launched a free Claude Code terminal plugin, “security-guidance,” that continuously reviews AI‑generated code in-session to detect and remediate security vulnerabilities before they ever reach a pull request or CI pipeline. Designed as a lightweight yet powerful layer within a defense‑in‑depth strategy, the plugin targets common classes of weaknesses, including injection flaws, unsafe deserialization, […]

The post Anthropic Launches Free Claude Code Terminal Plugin to Detect Security Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising significant concerns for enterprise environments that depend on on-premises collaboration platforms. The flaw, tracked as CVE-2026-45659, was initially published on May 21, 2026, and later updated on May 26, 2026, with additional technical details emphasizing […]

The post Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Microsoft Defender Gains Auto-Isolation Feature to Block Ransomware Spread

·

cyber security, Cyber Security News, Microsoft, Ransomware

Microsoft Defender XDR has introduced automatic attack disruption capabilities that autonomously contain ransomware and sophisticated cyberattacks in real-time by isolating compromised assets. This advanced feature correlates millions of security signals to identify active threat campaigns with high confidence. It automatically disrupts attacks before they can spread across enterprise networks. The automatic attack disruption system operates […]

The post Microsoft Defender Gains Auto-Isolation Feature to Block Ransomware Spread appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶