GBHackers On Security

Dubai, UAE, May 11th, 2026, CyberNewswire Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for The post Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence suggests that any version of fsnotify has been compromised, the incident highlights how governance ambiguity in critical open source projects can The post fsnotify Maintainer Access Change Sparks Supply Chain Security Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS score of 9.8, allowing unauthenticated remote attackers to completely bypass standard authentication protocols and gain full administrator privileges over The post cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian‑speaking targets using humanitarian‑themed lures and a PE‑less Python architecture. The campaign starts with phishing emails that deliver a RAR archive containing The post Python Infostealer Hides in GitHub Releases to Bypass Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Recently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attackers to achieve Remote Code Execution (RCE) on affected servers. Several other moderate-severity flaws, including Use-After-Free (UAF) bugs, NULL pointer dereferences, and out-of-bounds The post PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed “Beagle.” The campaign blends malvertising, a trojanized installer, and signed security software components to achieve stealthy persistence and remote control. Attackers registered claude-pro[.]com, a site that visually imitates Anthropic’s legitimate Claude The post Fake Claude Campaign Uses PlugX-Style DLL Sideloading Chain appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If successfully exploited, malicious actors could bypass established security boundaries to access sensitive information processed, summarized, The post Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundreds of likes before Hugging Face took it down, strongly suggesting the threat actor artificially boosted its popularity to The post Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have exposed critical sandbox escape vulnerabilities in Sandboxie and Sandboxie-Plus that allow attackers to gain full SYSTEM-level privileges. We strongly urge users to update to version 1.17.5, which was recently patched, to mitigate these severe execution threats. A series of catastrophic security vulnerabilities has been exposed in Sandboxie and Sandboxie-Plus, allowing threat actors The post Sandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Public references indicate that a GitHub proof-of-concept is now circulating for CVE-2026-0073, the critical Android flaw documented in Google’s May 2026 security bulletin, raising the urgency for defenders with wireless ADB enabled on test or production devices. Google and multiple security reports describe the issue as a no-interaction remote code execution vulnerability in Android’s adbd The post PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.