Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
New York, New York, April 1st, 2026, CyberNewswire TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a...
GBHackers
20 articles
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
Hackers are increasingly targeting hotel booking workflows to trick travelers into handing over payment details, using a technique that blends real reservati...
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute ar...
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor has hijacked the popular Axios NPM package in a high‑impact software supply chain attack that can silently backdoor Windows,...
CrewAI Hit by Critical Vulnerabilities Enabling Sandbox Escape and Host Compromise
CrewAI, a prominent tool used by developers to orchestrate multi-agent AI systems, is currently vulnerable to a chain of critical security flaws. By using di...
Windows 11 Update Fixes Critical Installation Loop Problem
Microsoft has rolled out an urgent, out-of-band update to fix a frustrating installation glitch plaguing Windows 11 users. On March 31, 2026, the company rel...
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux
Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in...
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks
Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score o...
NPM Supply Chain Attack Uses undicy-http to Deploy RAT
A highly sophisticated npm supply chain attack that abuses a fake HTTP client package to deliver both a powerful RAT and a stealthy browser stealer. The mali...
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access
Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Al...
Hackers Actively Exploit Critical WebLogic RCE Vulnerabilities in Ongoing Attacks
A maximum-severity vulnerability in Oracle WebLogic Server is facing rapid exploitation in the wild. Tracked as CVE-2026-21962, this unauthenticated Remote C...
XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command‑and‑control (C2) traffic behind layers of e...
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, maki...
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific A...
Dutch Finance Ministry Responds to Cyberattack by Taking Systems Offline
The Dutch Ministry of Finance is actively managing a significant cybersecurity incident after discovering unauthorized access to its internal Information and...
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over ...
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network G...
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than t...
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to ...
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks.