Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944,…
Category: GBHackers
Hikvision Multiple Product Vulnerability Could Let Attackers Escalate Privileges
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting multiple Hikvision products to its Known Exploited Vulnerabilities (KEV) catalog.…
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered…
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms. On March 5, 2026,…
China-Nexus Hackers Target Telecommunication Providers with New Malware Attack
A highly sophisticated China-linked threat actor, identified as UAT-9244, has been actively targeting critical telecommunications infrastructure across South America since 2024. Security researchers assess with…
New Linux Rootkits Leverage Advanced eBPF and io_uring Techniques for Stealthy Attacks
Linux rootkits have historically received less attention than their Windows counterparts, but the rapid adoption of Linux in cloud infrastructure, containers, and IoT devices has…
AWS-LC Flaw Exposes Amazon Users to Attacks by Bypassing Certificate Chain Validation
Amazon issued a critical security bulletin (2026-005-AWS) detailing three high-severity vulnerabilities in AWS-LC, its open-source cryptographic library. Discovered through a coordinated disclosure process with the…
Apache ActiveMQ Flaw Enables DoS Attacks via Malformed Network Packets
Security researchers have uncovered a significant vulnerability in Apache ActiveMQ, a popular open-source message broker used by enterprises to route data between applications. Tracked as…
AVideo Platform Vulnerability Allows Hackers to Hijack Streams via Zero-Click Command Injection
A highly critical security flaw has been disclosed in the AVideo platform, leaving media servers exposed to complete system takeover. Tracked as CVE-2026-29058, this zero-click,…
RMM Tools Crucial for IT Operations, But Growing Threat as Attackers Weaponize Them
Threat actors are increasingly weaponizing trusted administrative software to bypass security defenses. By exploiting legitimate software, cybercriminals gain persistent, hands-on-keyboard (HOK) access while hiding within…
OpenAI’s Codex Security Built to Automate Vulnerability Discovery and Remediation
OpenAI has officially introduced Codex Security, an advanced application security agent designed to automate vulnerability discovery and remediation. Formerly known as Aardvark, the tool is…
Malicious Browser Add‑on Targets imToken Users’ Private Keys
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious…