Aggregator

A vulnerability, which was classified as problematic, has been found in SUSE Manager Server. Affected by this issue is some unknown functionality of the component spacewalk-java. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2025-23392. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SUSE openSUSE Tumbleweed 2.5.0-1.1. Affected by this vulnerability is an unknown functionality of the component cyrus-imapd. The manipulation leads to symlink following. This vulnerability is known as CVE-2025-23394. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Submit #583397 / VDB-310323

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the argument Doctorspecialization leads to sql injection. This vulnerability is traded as CVE-2025-5224. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect personal weather stations to public weather networks like Weather Underground. This flaw, identified through ONEKEY’s recently introduced bash static code analysis on their platform, affects versions 6.1 and below of the MeteoBridge firmware, enabling remote, […]

The post Meteobridge Web Interface Vulnerability Let Attackers Inject Commands Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A hackers has made news by allegedly selling a ZIP archive containing more than 500 compromised databases, which seems to be a serious blow to the cybersecurity of several cryptocurrency companies. This clandestine operation, taking place on dark-web forums, showcases the growing threat landscape within the crypto space where cybercriminals are increasingly targeting valuable digital […]

The post Hackers Reportedly Selling Over 500 Stolen Crypto Databases on Dark-Web Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #583029 / VDB-310320

A vulnerability, which was classified as critical, was found in Trend Micro Password Manager Pro. Affected is an unknown function of the file api/openUrlInDefaultBrowser of the component HTTP Server. The manipulation of the argument url leads to improper access controls. This vulnerability is traded as CVE-2016-3987. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Mr Hamza Targeted the Website of Orange Spain

ChatGPT has rolled out a beta feature called Deep Research Connectors, designed to integrate seamlessly with third-party applications such as Dropbox, Microsoft OneDrive, GitHub, Microsoft SharePoint, and Box. Announced this week, this feature enables users to access and analyze live data from these platforms directly within ChatGPT’s interface, eliminating the need to toggle between multiple […]

The post ChatGPT Deep Research Now Integrates with Dropbox and OneDrive to Retrieve Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Federal Bureau of Investigation (FBI) has issued a critical alert regarding the escalating activities of the cyber threat actor known as Silent Ransom Group (SRG), also identified under aliases such as Luna Moth, Chatty Spider, and UNC3753. Since emerging in 2022, SRG has gained notoriety for its advanced callback phishing schemes, often posing as […]

The post FBI Issues on Silent Ransom Group Using Fake IT Support Calls to Target Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors have been exploiting the trust in India’s digital public infrastructure by setting up a deceptive phishing site, digiyatra[.]in, impersonating the DigiYatra Foundation. This fraudulent website, still live at the time of reporting, is being used to harvest personal user data by presenting itself as an official service for air travelers. Data Harvesting The […]

The post Fake DigiYatra Apps Target Indian Users to Steal Financial Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email […]

The post Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Нейроинтерфейс считывает и стимулирует мозг в 16 точках одновременно. И это помогает.

A vulnerability was found in glFusion 1.0.0/1.0.1/1.1.0/1.1.1/1.1.2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2009-1281. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Как хищник из Нью-Джерси использует городской трафик для засады.

A Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: bbbb335656, cdsfdfafd49Group2436437, and sdsds656565. First detected just eleven days ago, with the latest package appearing mere hours before this report, these packages embed a covert script that activates during the […]

The post 60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged Sale of Admin Panel Access to Two Government Websites

A vulnerability, which was classified as problematic, was found in Novell GroupWise 5.57e/6.5.7/7.0/7.0.0. This affects an unknown part of the file user.html of the component WebAccess. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2006-4220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity experts have noted an increase in data breaches where threat actors are directly querying internal databases to steal sensitive information. Unlike traditional malware-based attacks, these adversaries are leveraging legitimate database client tools such as DBeaver, Navicat, and sqlcmd to exfiltrate data from targeted systems. These tools, often used by legitimate administrators for database management, […]

The post Threat Actors Deploy Database Client Tools on Targeted Systems to Exfiltrate Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.