GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A critical security vulnerability has been discovered in Citrix’s Windows Virtual Delivery Agent that could allow attackers with low-level system access to escalate their privileges to SYSTEM level, potentially granting them complete control over affected systems. The vulnerability, tracked as CVE-2025-6759, affects Citrix Virtual Apps and Desktops as well as Citrix DaaS (Desktop as a […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in Fortinet’s FortiWeb web application firewall that allows unauthenticated attackers to execute malicious SQL commands through the device’s graphical user interface. The flaw, designated as CVE-2025-25257, poses significant risks to organizations relying on FortiWeb for web application protection. Vulnerability Details The vulnerability stems from improper neutralization of special elements […]

The post FortiWeb SQL Injection Vulnerability Allows Attackers to Execute Malicious SQL Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered two significant vulnerabilities in Zoom Clients for Windows, exposing users to potential Denial of Service (DoS) attacks. The flaws, identified as classic buffer overflow vulnerabilities, could allow an authorized user to disrupt Zoom services via network access. Both issues have been assigned medium severity ratings, and Zoom has released updates to […]

The post Zoom for Windows Flaw Allows Attackers to Trigger DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A chilling discovery by Koi Security has exposed a sophisticated browser hijacking campaign dubbed “RedDirection,” compromising over 1.7 million users through 11 Google-verified Chrome extensions. This operation, which also spans Microsoft Edge with additional extensions totaling 2.3 million infections across platforms, exploited trusted signals like verification badges, featured placements, and high install counts to distribute […]

The post 11 Google-Verified Chrome Extensions Infected Over 1.7 Million Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent in-depth analysis by threat intelligence experts sheds critical light on the pervasive issue of outdated and unreliable data circulating on the dark web. The report, spanning a comprehensive 26-minute read, delves into the world of combolists text files containing username-password pairs and URL-Login-Password (ULP) files, which include associated website URLs alongside credentials. Despite […]

The post New Report Finds Billions of Leaked Credentials and ULP Files on Dark Web Are Outdated appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A China-Nexus Threat Actor has launched a highly advanced assault against China Mobile Tietong Co., Ltd., a division of China Mobile, one of the biggest telecom behemoths in the nation, in a compelling illustration of state-aligned cyberwarfare. Named “DragonClone” by Seqrite Labs APT-Team, this operation underscores the strategic motivations behind China-linked cyber threats, which go […]

The post China-Linked VELETRIX Loader Used in Attacks on Telecommunications Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Monero (XMR), a cryptocurrency, saw a spectacular surge in early 2025, rising 45% from $196 to $285 by May, with a notable peak in April. This surge coincided with a high-profile Bitcoin theft in the US, where the stolen assets were reportedly converted into Monero by a single individual, drawing attention to the privacy-focused coin. […]

The post XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly identified ransomware group, BERT, tracked by Trend Micro as Water Pombero, has emerged as a significant threat to organizations across Asia, Europe, and the US. First observed in April, BERT targets critical sectors such as healthcare, technology, and event services, employing a dual-platform approach to infect both Windows and Linux systems. Threat Targeting […]

The post BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Arctic Wolf has uncovered a cunning cybersecurity threat that exploits search engine optimization (SEO) poisoning and malvertising tactics to distribute Trojanized versions of widely used IT tools such as PuTTY and WinSCP. This campaign cunningly targets IT professionals and system administrators, individuals who frequently rely on these tools for secure file transfers and remote system […]

The post Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Check Point Research has revealed important details about the phishing domain patterns and advanced attack techniques of the infamous Scattered Spider organization, which has brought a new wave of cyberthreats under close investigation. Known for their aggressive social engineering tactics, this financially motivated group active since at least 2022 and comprising young individuals aged 19–22 […]

The post Researchers Reveal Scatter Spider’s Tools, Tactics, and Key Indicators appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the cw_stad daemon, affecting multiple versions of the popular network security operating system. Critical Security Flaw Discovered in FortiOS Fortinet announced today the discovery of a significant security vulnerability, designated as CVE-2025-24477, […]

The post FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ivanti has released critical security updates for its Connect Secure and Policy Secure products, addressing six medium-severity vulnerabilities that could potentially lead to denial-of-service attacks and unauthorized access. The cybersecurity firm announced today that while no customers have been exploited by these vulnerabilities at the time of disclosure, immediate patching is recommended to prevent potential […]

The post Ivanti Products Connect Secure and Policy Secure Hit by Denial-of-Service Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, including smartphone, tablet, AIoT, smart display, smart platform, OTT, computer vision, audio, and TV chipsets. The July 2025 security update reveals seven high-severity and nine medium-severity vulnerabilities that could potentially compromise device security through various attack vectors including remote code execution, […]

The post MediaTek July 2025 Security Update Addresses Multiple Chipset Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical path traversal vulnerability in Ruby on Rails, designated as CVE-2019-5418. The agency added this five-year-old security flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2025, signaling that threat actors are actively leveraging this […]

The post CISA Alerts on Active Exploit of Ruby on Rails Path Traversal Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have released proof-of-concept exploits for CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed “CitrixBleed2.” The flaw allows unauthenticated attackers to extract sensitive data from device memory, including session tokens that can be used to bypass multi-factor authentication. Vulnerability Details and Impact CVE-2025-5777 is a memory disclosure vulnerability with a CVSS score of […]

The post PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Atomic macOS Stealer (AMOS), a notorious piece of info-stealing malware targeting Apple users, has undergone a significant update, introducing an embedded backdoor for the first time. This development, reported by Moonlock a cybersecurity division of MacPaw marks a critical escalation in the malware’s capabilities, allowing attackers to maintain persistent access to compromised macOS systems. […]

The post Atomic macOS Info-Stealer Updated with New Backdoor for Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have discovered a critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems, that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique. The vulnerability, tracked as CVE-2025-52488, affects the widely-used enterprise CMS platform and demonstrates how defensive coding measures can be circumvented through carefully […]

The post DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAP released critical security updates on July 8, 2025, addressing 27 vulnerabilities across its enterprise software portfolio, with seven classified as critical-severity flaws. The monthly Security Patch Day also included three updates to previously released security notes, underscoring the ongoing security challenges facing enterprise software environments. The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s […]

The post SAP July 2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Call of Duty team removed the PC edition of Call of Duty: WWII off the internet on Saturday after numerous allegations of a serious security flaw surfaced, which is concerning for the gaming community. The culprit appears to be a Remote Code Execution (RCE) vulnerability an especially dangerous flaw that enables attackers to execute […]

The post Call of Duty Gamers Hacked via RCE Exploit Allowing Player-to-Player Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

FortiGuard Labs has discovered a current campaign that targets Microsoft Windows users with the NordDragonScan infostealer, which is a worrying trend for cybersecurity. This high-severity threat leverages a complex infection chain to infiltrate systems, harvest sensitive data, and exfiltrate it to a command-and-control (C2) server for potential use in future attacks. As detailed in the […]

The post NordDragonScan Targets Windows Users to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.