Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through…
Category: GBHackers
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to…
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on…
Gunra Ransomware Expands RaaS After Conti Locker Shift
Gunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model.…
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential…
Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution
Windows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user…
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the…
Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites
A critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the security community.…
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers…
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and…
Google Enhances Android Mobile Security with New AI-powered Protections
Mobile devices have become ground zero for a ruthless wave of cyberattacks, with invisible threat actors draining bank accounts and hijacking digital identities before victims…
ClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 Proxy
A newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySoxy, a 10-year-old open-source Python…