GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Fortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the cw_stad daemon, affecting multiple versions of the popular network security operating system. Critical Security Flaw Discovered in FortiOS Fortinet announced today the discovery of a significant security vulnerability, designated as CVE-2025-24477, […]

The post FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ivanti has released critical security updates for its Connect Secure and Policy Secure products, addressing six medium-severity vulnerabilities that could potentially lead to denial-of-service attacks and unauthorized access. The cybersecurity firm announced today that while no customers have been exploited by these vulnerabilities at the time of disclosure, immediate patching is recommended to prevent potential […]

The post Ivanti Products Connect Secure and Policy Secure Hit by Denial-of-Service Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, including smartphone, tablet, AIoT, smart display, smart platform, OTT, computer vision, audio, and TV chipsets. The July 2025 security update reveals seven high-severity and nine medium-severity vulnerabilities that could potentially compromise device security through various attack vectors including remote code execution, […]

The post MediaTek July 2025 Security Update Addresses Multiple Chipset Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical path traversal vulnerability in Ruby on Rails, designated as CVE-2019-5418. The agency added this five-year-old security flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2025, signaling that threat actors are actively leveraging this […]

The post CISA Alerts on Active Exploit of Ruby on Rails Path Traversal Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have released proof-of-concept exploits for CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed “CitrixBleed2.” The flaw allows unauthenticated attackers to extract sensitive data from device memory, including session tokens that can be used to bypass multi-factor authentication. Vulnerability Details and Impact CVE-2025-5777 is a memory disclosure vulnerability with a CVSS score of […]

The post PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Atomic macOS Stealer (AMOS), a notorious piece of info-stealing malware targeting Apple users, has undergone a significant update, introducing an embedded backdoor for the first time. This development, reported by Moonlock a cybersecurity division of MacPaw marks a critical escalation in the malware’s capabilities, allowing attackers to maintain persistent access to compromised macOS systems. […]

The post Atomic macOS Info-Stealer Updated with New Backdoor for Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have discovered a critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems, that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique. The vulnerability, tracked as CVE-2025-52488, affects the widely-used enterprise CMS platform and demonstrates how defensive coding measures can be circumvented through carefully […]

The post DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAP released critical security updates on July 8, 2025, addressing 27 vulnerabilities across its enterprise software portfolio, with seven classified as critical-severity flaws. The monthly Security Patch Day also included three updates to previously released security notes, underscoring the ongoing security challenges facing enterprise software environments. The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s […]

The post SAP July 2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Call of Duty team removed the PC edition of Call of Duty: WWII off the internet on Saturday after numerous allegations of a serious security flaw surfaced, which is concerning for the gaming community. The culprit appears to be a Remote Code Execution (RCE) vulnerability an especially dangerous flaw that enables attackers to execute […]

The post Call of Duty Gamers Hacked via RCE Exploit Allowing Player-to-Player Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

FortiGuard Labs has discovered a current campaign that targets Microsoft Windows users with the NordDragonScan infostealer, which is a worrying trend for cybersecurity. This high-severity threat leverages a complex infection chain to infiltrate systems, harvest sensitive data, and exfiltrate it to a command-and-control (C2) server for potential use in future attacks. As detailed in the […]

The post NordDragonScan Targets Windows Users to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability has been discovered in Apple’s macOS SMBClient, exposing millions of users to the risk of remote code execution (RCE) and potentially catastrophic kernel crashes. Tracked as CVE-2025-24269, this flaw is rated with a CVSS score of 9.8, marking it as one of the most severe security issues to affect the macOS platform in recent […]

The post macOS SMBClient Flaw Enables Remote Code Execution and Kernel Crashes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

 The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding the active exploitation of a long-standing vulnerability in PHPMailer, a widely used open-source email-sending library for PHP applications. The flaw, tracked as CVE-2016-10033, poses a significant threat to organizations relying on PHPMailer for email functionality within their web applications. Vulnerability Overview The PHPMailer […]

The post CISA Alerts on Active Exploitation of PHPMailer Command Injection Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent security analysis has uncovered critical vulnerabilities in the infotainment systems of KIA vehicles, raising alarm across the automotive cybersecurity community. These flaws allow attackers to inject and execute malicious code through specially crafted PNG image files, potentially compromising vehicle safety and user privacy. Security researchers, during an in-depth examination of KIA’s head unit and its […]

The post Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), urging organizations to take immediate action to mitigate the threat. The flaw, tracked as CVE-2019-9621, is a server-side request forgery (SSRF) vulnerability that resides in the ProxyServlet component of ZCS and has […]

The post CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dr.Web Security Space for mobile devices reported that malware activity on Android devices increased significantly in the second quarter of 2025. Adware trojans, particularly from the Android.HiddenAds family, remained the most prevalent threat, despite an 8.62% decrease in user encounters. These trojans often disguise themselves as harmless apps or hide within system directories, concealing their […]

The post Malware Attacks on Android Devices Surge in Q2, Driven by Banking Trojans and Spyware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

“Slopsquatting” is a new supply-chain danger that has surfaced in the quickly changing field of AI-driven software development, presenting serious hazards to developers who depend on sophisticated coding agents. Unlike traditional typosquatting, which capitalizes on human typing errors, slopsquatting exploits the hallucinations of AI-powered coding assistants tools like Claude Code CLI, OpenAI Codex CLI, and […]

The post New Slopsquatting Attack Exploits Coding Agent Workflows to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals continue to use kernel-level malware as a preferred weapon against Windows systems amid a terrifying increase in cyberthreats. Operating at ring 0 the highest privilege level in the operating system such malware grants attackers unparalleled access to disable security defenses, maintain persistence, and operate undetected. Despite Microsoft’s robust countermeasures like PatchGuard, Driver Signature Enforcement […]

The post Abusing Trust: Threat Actors Leverage Signed Drivers for Stealthy Windows Kernel Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Parrot Security team has released Parrot Security OS 6.4, a robust update featuring community-driven enhancements and contributions. As the probable final chapter of the 6.x series, this release refines the security-focused OS and sets the stage for the upcoming Parrot 7. Parrot Security OS is an Ethical Hacking and Cybersecurity Professional dedicated Distribution, explicitly […]

The post Parrot Security OS 6.4 Released – What’s New! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s […]

The post BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Batavia, an unidentified spyware, has been using a sophisticated phishing operation to target Russian industrial organizations since July 2024. Kaspersky researchers have identified a sharp rise in detections since early March 2025, with over 100 users across dozens of organizations falling prey to bait emails disguised as contract agreements. These emails, often containing file names […]

The post Batavia Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.