Cybersecurity researchers have reported a significant rise in web breaches triggered by a lesser-known technique: Host Header Injection. This sophisticated attack vector has enabled hackers to compromise numerous web applications, steal sensitive information, and manipulate website operations-raising alarm bells among…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
UK Government to Shift Away from Passwords in New Security Move
UK government has unveiled plans to implement passkey technology across its digital services later this year, marking a significant shift away from traditional password and SMS-based verification methods. Announced at the government’s flagship cyber security event CYBERUK, this transition aims…
Kaspersky Alerts on AI-Driven Slopsquatting as Emerging Supply Chain Threat
Cybersecurity researchers at Kaspersky have identified a new supply chain vulnerability emerging from the widespread adoption of AI-generated code. As AI assistants increasingly participate in software development-with Microsoft CTO Kevin Scott predicting AI will write 95% of code within five…
Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition
Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing malicious actors to exhaust system memory through specially crafted OpenWire commands. The flaw, tracked as AMQ-6596, affects multiple legacy versions of the widely used open-source messaging…
Researchers Uncover Remote Code Execution Flaw in macOS – CVE-2024-44236
Security researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed critical details about CVE-2024-44236, a memory corruption vulnerability in Apple’s macOS Scriptable Image Processing System (sips). Discovered by Hossein Lotfi through Trend Micro’s Zero Day Initiative,…
New Advanced Phishing Attack Exploits Discord to Target Crypto Users
Check Point Research has uncovered a sophisticated phishing campaign that leverages Discord to target cryptocurrency users. The attack redirects victims from legitimate Web3 websites to a fake Collab.Land bot and then to a phishing site, ultimately tricking them into signing…
Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability
Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was exploited in attacks linked to the Play ransomware operation prior to its disclosure on April 8, 2025. The flaw, which enabled privilege escalation via a use-after-free…
Europol Dismantles DDoS-for-Hire Network and Arrests Four Administrators
Significant blow to cybercriminal infrastructure, Europol has coordinated an international operation resulting in the arrest of four individuals in Poland who allegedly operated six DDoS-for-hire platforms. These platforms, which allowed paying customers to launch devastating cyberattacks for as little as…
SonicWall Unveils New Firewalls and Comprehensive Managed Cybersecurity Service
SonicWall has unveiled a new line of advanced firewalls and a comprehensive managed cybersecurity service designed to combat the evolving threat landscape, with particular emphasis on attacks targeting non-standard ports. The announcement comes on the heels of concerning findings in…
160-Year-Old Haulage Firm Falls After Cyber-Attack: Director Issues Urgent Warning
The 160-year-old haulage giant Knights of Old, once a stalwart of the UK’s logistics sector, was forced into administration in 2023 following a devastating cyber-attack that crippled its financial systems. Paul Abbott, a board director at the Kettering-based firm, has…
Nomad Bridge Hacker Apprehended in Connection with $190 Million Heist
Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested last Thursday at Ben-Gurion Airport while attempting to flee to Russia under a new identity. Gurevich is the primary suspect in the 2022 Nomad Bridge hack that resulted in approximately $190…
Microsoft Launches “Copilot+ PC” for an Upgraded Windows Experience
Microsoft has announced a significant wave of new Windows experiences designed for Copilot+ PCs, which the company describes as “the fastest, most intelligent and most secure Windows PCs ever built.” These AI-powered enhancements aim to make Windows more intuitive, accessible,…
Fedora Linux Joins the Windows Subsystem for Linux Officially
Fedora Project has announced the official availability of Fedora Linux on the Windows Subsystem for Linux (WSL), marking a significant expansion of Fedora’s ecosystem. Starting with Fedora 42, users can now seamlessly integrate Fedora’s cutting-edge tools and development environment directly…
FBI Warns Hackers Are Using End-of-Life Routers to Mask Their Tracks
The Federal Bureau of Investigation (FBI) has issued a stark warning to businesses and home users: cybercriminals are actively exploiting outdated, unsupported routers to hide their tracks and launch attacks, making them a favored tool for masking malicious operations. According…
Azure Storage Utility Vulnerability Allows Privilege Escalation to Root Access
A critical vulnerability discovered by Varonis Threat Labs has exposed users of Microsoft Azure’s AI and High-Performance Computing (HPC) workloads to a potential privilege escalation attack. The flaw, found in a utility pre-installed on select Azure Linux virtual machines, made…
Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol
Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed in collaboration with industry partners including Google, to enable seamless communication between AI agents across platforms, clouds, and organizational boundaries. This strategic move, integrated into Azure…
Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks
Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security Features (SISF) of multiple software platforms that could allow unauthenticated attackers to cause denial of service (DoS) conditions. The vulnerability stems from incorrect handling of DHCPv6…
IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers
A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and macOS systems to local privilege escalation attacks, enabling non-privileged users to gain root or SYSTEM-level access. Designated as CVE-2025-26168 and CVE-2025-26169, these flaws affect versions…
Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers
Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score of 10.0-could allow attackers to hijack cameras, execute malicious code remotely, and maintain unauthorized access to video feeds. The flaws, disclosed on May 6, 2025, affect…
Radware Cloud Web App Firewall Flaw Allows Attackers to Bypass Security Filters
Security researchers have uncovered two critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that enable attackers to bypass security filters and deliver malicious payloads to protected web applications. These flaws, designated CVE-2024-56523 and CVE-2024-56524, highlight systemic weaknesses in how…