TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers…
Category: GBHackers
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and…
Google Enhances Android Mobile Security with New AI-powered Protections
Mobile devices have become ground zero for a ruthless wave of cyberattacks, with invisible threat actors draining bank accounts and hijacking digital identities before victims…
ClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 Proxy
A newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySoxy, a 10-year-old open-source Python…
Ransomware Gangs Use BYOVD and EDR Killers to Disable Security Tools
Ransomware is evolving faster than many defenses can keep up. In 2026, attackers are no longer just encrypting files they are systematically dismantling security tools,…
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
Global real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense “pay or leak” standoff,…
SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA
A severe vulnerability has struck the heart of enterprise resource planning systems this month, threatening organizations worldwide with potential data breaches. On May 12, 2026,…
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
Threat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is…
Zoom Rooms and Workplace Flaws Expose Users to Elevated Access Attacks
A newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security…
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply…
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait”…
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal…