Aggregator

Token Security experts recently conducted a thorough investigation that exposed serious security weaknesses in Microsoft Azure’s Role-Based Access Control (RBAC) architecture. Azure RBAC, the backbone of permission management in the cloud platform, allows administrators to assign roles to users, groups, or service principals with predefined permissions at varying scopes, from entire subscriptions to specific resources. […]

The post Azure API Vulnerabilities Expose VPN Keys and Grant Over-Privileged Access via Built-In Roles appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

The post China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year appeared first on CyberScoop.

You must login to view this content

Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic solution that uses zero-knowledge proofs (ZKPs) to let people verify their age without giving up sensitive information. The newly released ZKP codebase allows users to prove they are over or under a certain age without … More →

The post Google open-sources privacy tech for age verification appeared first on Help Net Security.

Threat actors have dramatically increased their exploitation of the cybersecurity sector, which is a disturbing development. Spain’s country code TLD, ES, is used to plan credential phishing attacks. According to recent findings from Cofense Intelligence, the abuse of .ES TLD domains surged by an astonishing 19-fold from Q4 2024 to Q1 2025, propelling it to […]

The post Threat Actors Exploit .COM TLD to Host Widespread Credential Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.