Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API. The flaw tracked as CVE-2025-20156, allows a remote, authenticated attacker with low privileges to elevate their access to administrator-level control on affected devices, posing…

Read more →

In today’s app dev world, where new apps and millions of lines of code are being deployed every day, the need for fast and secure development practices has never been greater. Static Application Security Testing (SAST) plays a big role…

Read more →

A former CIA analyst, Asif William Rahman, has pleaded guilty to charges of retaining and transmitting Top Secret National Defense Information to unauthorized recipients. This alarming breach of national security came to light after classified information was publicly posted on…

Read more →

 The Mirai botnet unleashed a record-breaking Distributed Denial of Service (DDoS) attack on October 29, 2024, peaking at an astonishing 5.6 terabits per second (Tbps). This mega surge of malicious traffic targeted a Cloudflare customer, an Internet Service Provider (ISP)…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories. These advisories provide critical insights into vulnerabilities impacting Traffic Alert and Collision Avoidance Systems (TCAS) II, Siemens SIMATIC S7-1200 CPUs, and ZF Roll Stability Support…

Read more →

A potential security flaw in IBM i Access Client Solutions (ACS) has raised serious concerns about password leakage, leaving users vulnerable to exploitation. Research published yesterday by a vulnerability assessment team revealed that the *WINLOGON authentication feature in IBM ACS…

Read more →

Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step…

Read more →

A newly identified extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, enabling cybercriminals to steal sensitive cookies from Google Chrome. This incident marks a significant escalation in the tactics employed by malicious…

Read more →

A security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been…

Read more →

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations. The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating…

Read more →

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers…

Read more →

The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers. By leveraging compromised legitimate WordPress websites, Gootloader’s operators manipulate Google search results to redirect users to a deceptive online message board. They link the malware to a simulated…

Read more →

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups. The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI…

Read more →

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack…

Read more →

Microsoft has announced the release of Windows 11 Insider Preview Build 27774 to the Canary Channel. This build comes packed with enhancements, including a significant new feature aimed at bolstering system security—Administrator Protection. The highlight of this update is the…

Read more →

In early January 2025, a new ransomware strain identified as Contacto surfaced, showcasing advanced techniques designed to bypass conventional security measures. This analysis provides insights into its operational mechanisms, particularly suited for professionals venturing into ransomware analysis. Operational Mechanisms Upon…

Read more →

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for 2025, providing essential insights for developers and security teams in the rapidly evolving Web3 environment. This document outlines the most pressing vulnerabilities found in smart contracts,…

Read more →

A ransomware attack has compelled UK Brit, a prominent British high school, to close its doors to students for two days, specifically Monday, January 20, and Tuesday, January 21, 2025. This decision follows an incident that occurred on Friday, January…

Read more →

A significant security vulnerability, designated as CVE-2024-13454, has been discovered in the OpenVPN Easy-RSA tool, specifically affecting versions from 3.0.5 to 3.2.0 that utilize OpenSSL 3. This flaw pertains to the incorrect encryption of password-protected Certificate Authority (CA) private keys…

Read more →

A serious code execution vulnerability in the TP-Link TL-WR940N router, identified as CVE-2024-54887, has become the focus of intense scrutiny following the release of a proof-of-concept (PoC) exploit. This vulnerability allows attackers to execute arbitrary code on the device remotely…

Read more →