GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

In a recent discovery, a security researcher uncovered a critical SQL injection vulnerability on Microsoft’s DevBlogs website (accessible at https://devblogs.microsoft.com). This vulnerability could allow attackers to manipulate the site’s underlying database by injecting malicious SQL queries, posing a significant risk to the platform and its data integrity. Identifying the Vulnerability The vulnerability was found in the […]

The post SQL Injection Vulnerability in Microsoft’s DevBlogs Lets Hackers Injecting Malicious SQL appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories. These advisories provide critical insights into vulnerabilities impacting Traffic Alert and Collision Avoidance Systems (TCAS) II, Siemens SIMATIC S7-1200 CPUs, and ZF Roll Stability Support Plus (RSSPlus). Each advisory includes detailed technical descriptions of the vulnerabilities, associated CVEs, and recommended […]

The post Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting. […]

The post Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A potential security flaw in IBM i Access Client Solutions (ACS) has raised serious concerns about password leakage, leaving users vulnerable to exploitation. Research published yesterday by a vulnerability assessment team revealed that the *WINLOGON authentication feature in IBM ACS is questionably storing Windows credentials, potentially exposing plaintext passwords. This alarming discovery has prompted immediate […]

The post IBM i Access Client Solutions Might Be Leaking Your Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly identified extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, enabling cybercriminals to steal sensitive cookies from Google Chrome. This incident marks a significant escalation in the tactics employed by malicious actors to exploit trusted software ecosystems. The Discovery The nefarious extension, uploaded to the VS […]

The post Weaponized VS Code Impersonate Zoom App Steals Cookies From Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been documented as CVE-2024-54887, allows for potential arbitrary remote code execution (RCE) through stack buffer overflow […]

The post PoC Exploit Released for TP-Link Code Execution Vulnerability(CVE-2024-54887) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations. The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating a risk for unsuspecting users. Brave Browser Vulnerability The vulnerability impacts Brave Browser versions 1.70.x […]

The post Brave Browser Vulnerability Allows Malicious Website Appears as Trusted One appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups. The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI BANK REWARD App.” This app is represented as an Android APK file, prompting users to […]

The post Beware! Fake SBI Reward APK Attacking Users to Deliver Android Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers. By leveraging compromised legitimate WordPress websites, Gootloader’s operators manipulate Google search results to redirect users to a deceptive online message board. They link the malware to a simulated conversation featuring fictitious users, effectively answering the exact queries victims input into search engines. Investigate […]

The post Gootloader Malware Employs Blackhat SEO Techniques To Attack Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers to modify git-upload-pack flags when utilizing the file transport protocol. This protocol is particularly vulnerable […]

The post Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack due to improper handling of temporary files. The vulnerability has been confirmed in specific versions […]

The post Apache CXF Vulnerability Triggers DoS Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced the release of Windows 11 Insider Preview Build 27774 to the Canary Channel. This build comes packed with enhancements, including a significant new feature aimed at bolstering system security—Administrator Protection. The highlight of this update is the newly integrated Administrator Protection, which can now be activated directly from the Windows Security settings […]

The post Microsoft Rolls Out New Administrator Protection Feature Under Windows Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In early January 2025, a new ransomware strain identified as Contacto surfaced, showcasing advanced techniques designed to bypass conventional security measures. This analysis provides insights into its operational mechanisms, particularly suited for professionals venturing into ransomware analysis. Operational Mechanisms Upon execution, Contacto ransomware employs the GetConsoleWindow() and ShowWindow() functions to retrieve and conceal its command […]

The post New Contacto Ransomware Evades AV Detection & Uses Windows Console for Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for 2025, providing essential insights for developers and security teams in the rapidly evolving Web3 environment. This document outlines the most pressing vulnerabilities found in smart contracts, serving as a crucial resource for maintaining security and protecting against exploitation. OWASP’s new release […]

The post OWASP Smart Contract Top 10 2025 Released – What’s new! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A ransomware attack has compelled UK Brit, a prominent British high school, to close its doors to students for two days, specifically Monday, January 20, and Tuesday, January 21, 2025. This decision follows an incident that occurred on Friday, January 17, which has left school officials scrambling to address potential security breaches. In a statement […]

The post Ransomware Attack Forces UK Brit High School to Close Doors For Students appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A serious code execution vulnerability in the TP-Link TL-WR940N router, identified as CVE-2024-54887, has become the focus of intense scrutiny following the release of a proof-of-concept (PoC) exploit. This vulnerability allows attackers to execute arbitrary code on the device remotely without authentication, posing significant risks to network security. The following article provides an overview of […]

The post PoC Exploit Released for TP-Link Code Execution Vulnerability (CVE-2024-54887) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Rhino Linux is roaring into the new year with the exciting release of Rhino Linux 2025.1! After a brief pause to refine the system, this latest snapshot introduces an array of updates and improvements, solidifying Rhino Linux as a reliable and forward-thinking distribution. Here’s everything you need to know about this release and other thrilling announcements […]

The post Rhino Linux 2025.1 Released – Update Now! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a major flaw in the Windows BitLocker encryption system, allowing attackers to access encrypted data without requiring physical disassembly of the target laptop. The exploit, named “bitpixie”, demonstrates how attackers can extract the disk encryption key, bypassing Microsoft’s well-known security features such as Secure Boot and the Trusted Platform Module (TPM). This […]

The post Researchers Accessed Windows BitLocker Encrypted Files Disassembling the Laptop appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53691, has recently come to light, affecting users of QNAP’s QTS and QuTS Hero operating systems. This vulnerability enables remote attackers with user access privileges to traverse the file system and run arbitrary code on affected systems. With a CVSS score of 8.7, the severity of […]

The post PoC Exploit Released for QNAP RCE Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

 Hewlett Packard Enterprise (HPE) has confirmed multiple vulnerabilities in its Aruba Networking products that could allow remote arbitrary code execution. These vulnerabilities, CVE-2025-23051 and CVE-2025-23052, affect various versions of the AOS-8 and AOS-10 Operating Systems, specifically impacting Mobility Conductors, Controllers, and managed WLAN and SD-WAN Gateways. This advisory comes amid growing concerns within the cybersecurity […]

The post Multiple HPE Aruba Network Vulnerabilities Allows Remote Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.