Aggregator

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader […]

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models developed by industry giants Microsoft, Nvidia, and Meta. Hackers have reportedly found a way to bypass the stringent filters designed to prevent the generation of harmful or explicit content by using a seemingly harmless tool-a single emoji. This discovery highlights […]

The post Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Download Manager and Payment Form Plugin up to 2.7.13 on WordPress. It has been rated as problematic. Affected by this issue is the function show. The manipulation leads to improper control of resource identifiers. This vulnerability is handled as CVE-2025-3851. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Search Exclude Plugin up to 2.4.9 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function get_rest_permission of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-2821. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PeproDev Ultimate Profile Solutions Plugin 1.9.1/7.5.2 on WordPress. It has been classified as problematic. Affected is the function handel_ajax_req of the component User Meta Update Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-3921. It is possible to launch the attack remotely. There is no exploit available.

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain […]

The post Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

各位红队师傅否遇到过这样的窘境：费尽心思上传了webshell，上传下载都没问题，却发现命令执行总是失败？今天就结合我个人经验剖析webshell上线后cmd命令执行失败的几种常见原因和解决方法，有其他方法欢迎在评论区分享交流。

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...]

Cybersecurity isn’t a game of cat and mouse. It’s a game of chess—one where the opponent is always thinking five moves ahead. Every organization wants to believe it has a strong defense, but attackers know better. They exploit blind spots, hide in encrypted traffic, and move undetected through networks. The problem isn...

A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked her account to orchestrate a fake $125,000 cash giveaway. The attackers employed advanced techniques, including AI-generated deepfake videos and meticulously crafted phishing campaigns, to deceive followers into surrendering sensitive banking information. This incident highlights the growing threat of cyber fraud […]

The post Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248 Langflow is an open-source, Python-based app that allows users to create AI agents (e.g., chatbots assistants) and workflows without actually writing any code. Instead, they simply drag, drop and chain LLM components and add the neccessary inputs. Unfortunately, … More →

The post RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) appeared first on Help Net Security.

The food and agriculture industry is facing an unprecedented wave of cybersecurity threats in 2025, with ransomware attacks doubling in the first quarter compared to the same period in 2024. Speaking at the RSA Conference on Thursday, Jonathan Braley, director of the Food and Ag-ISAC (Information Sharing and Analysis Center), revealed a staggering 84 ransomware […]

The post Ransomware Attacks on Food & Agriculture Industry Surge 100% – 84 Attacks in Just 3 Months appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

温故而知新，可以CVE

温故而知新，可以CVE

在XYCTF2025中的web方向两道ssti题目中发现禁用了一堆关键字，如何进行有回显和无回显的rce利用呢？

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows.  CVE-2025-3248 is a […]

Whether your organization is already in the cloud or just starting to plan your migration, security is a top priority. This webinar will help you to better understand your options for cloud migration as well as learn how to prioritize cloud security and compliance before you’re even in the cloud using resources from the Center for Internet Security (CIS).

The post Webinar: Securely migrating to the cloud appeared first on Help Net Security.

The post What is DLP & Why It’s Not Enough to Stop Data Breaches Alone appeared first on Votiro.

The post What is DLP & Why It’s Not Enough to Stop Data Breaches Alone appeared first on Security Boulevard.