Aggregator
Acer Control Center Vulnerability Let Attackers Execute Malicious Code as a Privileged User
A severe security vulnerability has been discovered in the Acer Control Center software, which could allow attackers to execute arbitrary code with system-level privileges. The vulnerability, identified in the ACCSvc.exe process, involves misconfigured Windows Named Pipe permissions that enable unauthenticated remote users to exploit the service’s features. Security researcher Leon Jacobs from Orange Cyber Defense […]
The post Acer Control Center Vulnerability Let Attackers Execute Malicious Code as a Privileged User appeared first on Cyber Security News.
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers revealed on Thursday. The attacks happened in January and early February 2025. “We believe that this infection would not have been visible to the target,” the researchers noted. About CVE-2025-43200: CVE-2025-43200 is a logic issue triggered when the Apple smartphone processed a maliciously crafted photo or video shared …
The post iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) appeared first on Help Net Security.
API Security Under Federal Scrutiny: A Wake-Up Call for CIOs
Victoria’s Secret restores critical systems after cyberattack
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium) on the CVSS v3.1 scale, this flaw exploits MDI’s Lateral Movement Paths (LMPs) feature and has been actively addressed in Microsoft’s May […]
The post Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
You uploaded a photo to Facebook and got “undressed” on the other side of the planet. Meta is fighting a new trend
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022. The flaw allows attackers to bypass SSL pinning during device pairing, enabling man-in-the-middle (MitM) attacks and network traffic manipulation. Technical Analysis: SSL Pinning Bypass Mechanism. The Cloud Cam’s deprecated service infrastructure forces the device into […]
The post Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
Safepay
One unknown hacker paralyzed the cultural life of a nation of 52 million
New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens
Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits GitHub’s OAuth2 device authorization flow to compromise developer accounts and steal authentication tokens. This emerging threat represents a significant evolution in social engineering tactics, leveraging legitimate GitHub functionality to bypass traditional security measures and gain unauthorized access to source code repositories, CI/CD pipelines, and […]
The post New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens appeared first on Cyber Security News.
Cached screenshots on Windows 11
HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit
A significant security vulnerability in the HashiCorp Nomad workload orchestrator allows attackers to escalate privileges by exploiting the Access Control List (ACL) policy lookup mechanism. The vulnerability, tracked as CVE-2025-4922, affects both Community and Enterprise editions of Nomad across multiple versions and poses a serious risk to organizations relying on the platform’s security controls. The […]
The post HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit appeared first on Cyber Security News.
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address […]
The post Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change
A critical vulnerability allows attackers to bypass AI-powered content moderation systems using minimal text modifications. The “TokenBreak” attack demonstrates how adding a single character to specific words can fool protective models while preserving the malicious intent for target systems, exposing a fundamental weakness in current AI security implementations. Simple Character Manipulation: HiddenLayer reports that […]
The post New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change appeared first on Cyber Security News.