Researchers Score $516,500 For 37 Unique Zero-Days
Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on Day…
Category: GBHackers
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time – GBHackers Security
Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully…
Node.js binary-parser Library Flaw Enables Malicious Code Injection
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20,…
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments
Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across…
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV)…
JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure
JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with…
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically,…
Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent…
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that…
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on…
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets…
New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks
A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky…