Aggregator
Submit #590578: Sourcecodester Open Source Clinic Management System 1.0 File Upload vulnerability [Accepted]
Submit #590569: SourceCodester Student Result Management System 1.0 Cross Site Scripting [Accepted]
CVE-2024-30087 | Microsoft Windows up to Server 2022 23H2 Win32k input validation (EUVD-2024-28024)
CVE-2025-5648 | Radare2 5.9.9 radiff2 /libr/cons/pal.c r_cons_pal_init -T memory corruption (EUVD-2025-16977)
CVE-2025-4568 | Trol InterMedia 2ClickPortal up to 7.14.2 changes__reference_id sql injection (EUVD-2025-16979)
CVE-2025-5701 | HyperComments Plugin up to 1.2.2 on WordPress hc_request_handler improper authorization (EUVD-2025-16984)
CVE-2025-5341 | Forminator Plugin up to 1.44.1 on WordPress id/data-size cross site scripting (EUVD-2025-16983)
ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-5419 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
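The practical step behind that recommendation is to cross-reference your own vulnerability inventory against the KEV feed and order remediation by the catalog's due dates. The following is an added example, not CISA's code: it reads a feed in the shape of the real KEV JSON (the field names `cveID`, `dateAdded`, `dueDate`, `requiredAction` and `knownRansomwareCampaignUse` are the ones the published feed uses), but the catalog excerpt, the inventory, and the dates are constructed sample data, and the `prioritize` function and its output format are this example's own.

```python
"""Match an asset inventory against a KEV-style feed and rank by due date.

Added example (not CISA's code). The real catalog is served as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and uses the field names shown below. Everything in SAMPLE_KEV_JSON and
SAMPLE_INVENTORY is constructed for offline use; the dates are illustrative.
"""
import json
from datetime import date


# Constructed excerpt in the shape of the real feed (a single entry, as in
# the advisory above; the description and due date are illustrative).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-5419",
            "vendorProject": "Google",
            "product": "Chromium V8",
            "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
            "dateAdded": "2025-06-05",
            "shortDescription": "Out-of-bounds read and write in V8 (constructed summary).",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "dueDate": "2025-06-26",
            "knownRansomwareCampaignUse": "Unknown",
        }
    ],
})

# Constructed inventory: asset name -> CVEs reported by a scanner.
# Only the first CVE appears in the sample catalog; the others come from
# elsewhere on this page and are not in the excerpt.
SAMPLE_INVENTORY = {
    "workstation-17": ["CVE-2025-5419", "CVE-2025-5601"],
    "nsx-mgr-01": ["CVE-2025-22243"],
}


def load_kev(feed_json: str) -> dict[str, dict]:
    """Parse a KEV-format feed into a mapping of CVE ID -> catalog entry."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def prioritize(inventory: dict[str, list[str]], kev: dict[str, dict],
               today: date) -> list[dict]:
    """Return one row per (asset, CVE) pair that is in the catalog.

    Rows are sorted so ransomware-linked entries come first, then by the
    catalog due date, then by asset name. days_left is negative when the
    due date has passed, and overdue is set accordingly.
    """
    rows = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not a known-exploited vulnerability; normal SLA applies
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            rows.append({
                "asset": asset,
                "cveID": cve,
                "dueDate": entry["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "action": entry["requiredAction"],
            })
    rows.sort(key=lambda r: (not r["ransomware"], r["dueDate"], r["asset"]))
    return rows


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for row in prioritize(SAMPLE_INVENTORY, catalog, date(2025, 6, 10)):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['asset']:16} {row['cveID']:16} due {row['dueDate']} ({flag})")
```

In production you would replace `SAMPLE_KEV_JSON` with the downloaded feed and `SAMPLE_INVENTORY` with scanner output; the matching is by exact CVE ID, so normalize identifier case and whitespace from the scanner before lookup.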
#Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom
- ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product
- ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H)
- ICSA-25-133-02 Hitachi Energy Relion 670/650/SAM600-IO Series (Update A)
- ICSA-23-068-05 Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update A)
- ICSA-21-336-05 Hitachi Energy Relion 670/650/SAM600-IO (Update A)
- ICSA-23-089-01 Hitachi Energy IEC 61850 MMS-Server (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
VMware NSX XSS Vulnerability Exposes Systems to Malicious Code Injection
Broadcom has issued a high-severity security advisory (VMSA-2025-0012) for VMware NSX, addressing three newly discovered stored Cross-Site Scripting (XSS) vulnerabilities: CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact the NSX Manager UI, gateway firewall, and router port components, exposing organizations to potential code injection attacks if left unpatched. The vulnerabilities, all stemming from improper input validation, […]
The post VMware NSX XSS Vulnerability Exposes Systems to Malicious Code Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
AI Made Its Way to the Origins of Judaism and Christianity, and Made Historians Blush with Shame
Hackers Exploit New HTML Trick to Deceive Outlook Users into Clicking Malicious Links
Cybersecurity researchers have encountered a cleverly crafted phishing email targeting Czech bank customers, employing a lesser-known but highly deceptive technique to bypass security mechanisms and trick users into clicking malicious links. At first glance, the email appears to be a standard phishing attempt, masquerading as a legitimate message from a Czech bank and urging recipients […]
Wireshark Vulnerability Allows Attackers to Launch DoS Attacks
A critical security vulnerability, tracked as CVE-2025-5601, was disclosed on June 4, 2025, affecting Wireshark versions 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12. This flaw, identified as “Dissection engine crash” (wnpa-sec-2025-02), stems from a bug in the column utility module used by Wireshark’s dissectors. The vulnerability allows attackers to cause a denial of service (DoS) […]
Reversing and Predicting the MT19937 Algorithm, and Reversing the random Library
Lynx
Sit Down, Click, and You Are Already at the Police Station: Gosuslugi Teaches a New Way to File Complaints, but There Is No Guarantee Anyone Will Listen
830 Organizations Hacked via Glitch-hosted Phishing Attack Uses Telegram & Fake CAPTCHAs
Netskope Threat Labs reported a staggering 3.32-fold increase in traffic to phishing pages hosted on the Glitch platform, a browser-based web development tool that allows users to create and deploy web apps with free subdomains. This alarming spike has impacted over 830 organizations and more than 3,000 users, with Navy Federal Credit Union members being […]