Category: GBHackers

20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access
23
Jan
2026

20,000 WordPress Sites Compromised by Backdoor Vulnerability Enabling Malicious Admin Access

A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more…

Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware
23
Jan
2026

Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web….

TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
23
Jan
2026

TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw,…

Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability
23
Jan
2026

Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability

Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances….

Researchers Score $516,500 For 37 Unique Zero-Days
23
Jan
2026

Researchers Score $516,500 For 37 Unique Zero-Days

Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers,…

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time
23
Jan
2026

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time – GBHackers Security

Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services,…

Node.js binary-parser Library Flaw Enables Malicious Code Injection
23
Jan
2026

Node.js binary-parser Library Flaw Enables Malicious Code Injection

A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability…

Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments
22
Jan
2026

Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing…

Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
22
Jan
2026

Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning

CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to…

JA3 Fingerprinting Tool Exposes Attackers' Infrastructure
22
Jan
2026

JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure

JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying…

Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
22
Jan
2026

Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s…

Multi-Stage Scheme Steals Data, Triggers UPI Payments
22
Jan
2026

Multi-Stage Scheme Steals Data, Triggers UPI Payments

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain…