In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Stratoshark – A New Wireshark Tool Released for Cloud
The masterminds behind the revolutionary network analyzer Wireshark have unveiled a new tool, Stratoshark, designed to bring their proven methodology to system call analysis. Marking over 25 years since Wireshark’s inception, this latest development continues the legacy of democratizing complex…
Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access
A critical authentication vulnerability in Fortinet’s FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks. Threat actors have exploited this vulnerability to gain super-admin privileges, bypassing the authentication mechanism, and compromising devices globally. Cybersecurity experts warn organizations using…
Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows
A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access.…
Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft
IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator and IBM Security Verify Directory Integrator products. The vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, expose users to various risks, including sensitive…
White House Considers Oracle-Led Takeover of TikTok with U.S. Investors
In a significant development, the Trump administration is reportedly formulating a plan to prevent a nationwide ban on TikTok, involving Oracle and a consortium of private investors. Under the proposed arrangement, ByteDance, TikTok’s Chinese parent company, would retain a minority…
Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data
Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance…
GitHub Vulnerability Exposes User Credentials via Malicious Repositories
A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a…
Burp Suite 2025.1 Released, What’s New!
Burp Suite 2025.1, is packed with new features and enhancements designed to improve your web application testing workflow. This latest version brings exciting upgrades like auto-pausing Burp Intruder attacks based on response content, exporting Collaborator interactions to CSV, highlighting Content-Length…
New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials
Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving…
Chrome Security Update – Patch for 3 High-Severity Vulnerabilities
Google has released a critical update for the Chrome browser, addressing three high-severity security vulnerabilities. This patch, part of the latest Stable channel release, ensures users remain protected from potential threats. The new version rolled out progressively, underscores Chrome’s commitment…
Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access
A critical security vulnerability (CVE-2024-52012) affecting Apache Solr instances on Windows has been identified, allowing attackers to gain arbitrary file path write access using the “configset upload” API. The flaw, categorized as a relative path traversal vulnerability, poses a moderate…
LockBit Ransomware: 11-Day Timeline from Initial Compromise to Deployment
A well-coordinated cyber intrusion, spanning 11 days, culminated in the deployment of LockBit ransomware across a corporate environment. The attack, which began with the execution of a malicious file posing as a Windows Media Configuration Utility, displayed a sophisticated playbook…
Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices
A recent cybersecurity attack involving a Trojanized version of the XWorm Remote Access Trojan (RAT) builder has compromised over 18,000 devices worldwide. This sophisticated malware, primarily distributed via GitHub repositories, Telegram channels, and other platforms, has targeted cybersecurity novices, also…
New SCAVY Framework to Detect Memory Corruption Privilege Escalation in Linux Kernel
A breakthrough framework named SCAVY has been introduced to proactively detect memory corruption targets that could potentially lead to privilege escalation in the Linux kernel. Presented at the prestigious USENIX Security Symposium in August 2024, the framework aims to address long-standing gaps…
Researchers Exploited Windows Charset Conversion Feature to Execute Remote Code
Researchers have exposed a systemic vulnerability within the Windows operating system, leveraging its “Best-Fit” charset conversion feature to bypass security checks and execute remote code. The findings highlight widespread implications across various applications, with real-world exploitation scenarios impacting widely used…
GitLab Security Update – Patch for Multiple Vulnerabilities
GitLab, the widely adopted DevOps platform, has announced the immediate release of versions 17.8.1, 17.7.3, and 17.6.4 for both its Community Edition (CE) and Enterprise Edition (EE). These updates address multiple security vulnerabilities and provide critical fixes, underscoring GitLab’s commitment to maintaining…
Critical Vulnerability in Meta Llama Framework Let Remote Attackers Execute Arbitrary Code
The Oligo Research team has disclosed a critical vulnerability in Meta’s widely used Llama-stack framework. This vulnerability, tracked as CVE-2024-50050, allows remote attackers to execute arbitrary code on servers running the Llama-stack framework. Due to its potential impact, the flaw has…
Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access
In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a colleague unearthed a major security vulnerability in Subaru’s STARLINK connected vehicle service. The flaw allowed unauthorized, unrestricted access to vehicles and customer accounts across the United…
Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights
A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a grave vulnerability, potentially allowing attackers to control air conditioning, lighting, and other room functions remotely. The investigation, highlighted by security researchers at LAC Co., Ltd., reveals…