
Yesterday, 8 May 2026: Main stream

Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents

Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from Oasis Security uncovered a critical flaw (CVSS 9.7) that allows malicious websites to silently hijack […]

The post Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges

The SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolation mechanism, allowing malicious users to bypass security boundaries and steal sensitive data. According to an analysis by Lyrie […]


423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More

Mozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared a behind-the-scenes look at how they engineered a highly effective threat-hunting pipeline. This milestone marks a significant shift in open-source security, […]


Before yesterday: Main stream

CISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level Access

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto Networks PAN-OS. Officially tracked as CVE-2026-0300, this critical flaw was aggressively added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on May 6, 2026. Because the vulnerability grants unauthorized users complete system control, federal agencies […]


Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks

Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system directories. Administrators, please patch your systems immediately to prevent active exploitation. Spring Vulnerabilities Critical Directory Traversal […]


Google Chrome 148 Released With Fixes for 127 Security Flaws

Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0.7778.96 or 148.0.7778.97 for Windows and Mac, patches several critical memory management flaws that could allow attackers to execute […]


Redis Security Flaws Expose Servers to Remote Code Execution Risks

Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security Officer Riaz Lakhani, covers CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, and CVE-2026-23631. Redis Security Flaws Expose Servers CVE-2026-23479 […]


Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets

A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation and data-masking gap within the platform. According to the disclosure, this exposure primarily affects environments […]


Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems

A critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8, this flaw exposes enterprise office automation systems to full OS-level compromise without requiring any authentication. Vulnerability Overview CVE-2026-22679 […]


WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels

WhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vulnerability allows remote threat actors to trigger arbitrary URLs on a victim’s device by exploiting unvalidated message elements. Meta’s latest […]


Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk

Qualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices without requiring user interaction. The semiconductor giant is strongly urging original equipment manufacturers to deploy […]


CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This active exploitation has prompted urgent patching mandates for federal agencies and strong recommendations for private organizations worldwide. […]


New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks

The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA versions 2.2.7 and 2.1.12. Apache MINA is a widely used framework for building high-performance network […]


CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug

The US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming that malicious actors are actively abusing it in real-world attacks. […]


cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised

A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide. The vulnerability, identified as CVE-2026-41940, is a severe authentication bypass flaw affecting cPanel and WHM. It carries […]


Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data

The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately […]


Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets

The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The most critical bugs in this release allow for possible arbitrary code execution, elevating the risk […]


PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw

By Divya

A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an authenticated administrator to execute arbitrary commands with root privileges. ASUSTOR has since addressed the […]


Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session […]


Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs

The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack user sessions. All vulnerabilities were responsibly disclosed through the Jenkins Bug Bounty Program, which the […]
