A critical vulnerability discovered by Varonis Threat Labs has exposed users of Microsoft Azure’s AI and High-Performance Computing (HPC) workloads to a potential privilege escalation attack. The flaw, found in a utility pre-installed on select Azure Linux virtual machines, made…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol
Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed in collaboration with industry partners including Google, to enable seamless communication between AI agents across platforms, clouds, and organizational boundaries. This strategic move, integrated into Azure…
Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks
Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security Features (SISF) of multiple software platforms that could allow unauthenticated attackers to cause denial of service (DoS) conditions. The vulnerability stems from incorrect handling of DHCPv6…
IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers
A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and macOS systems to local privilege escalation attacks, enabling non-privileged users to gain root or SYSTEM-level access. Designated as CVE-2025-26168 and CVE-2025-26169, these flaws affect versions…
Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers
Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score of 10.0-could allow attackers to hijack cameras, execute malicious code remotely, and maintain unauthorized access to video feeds. The flaws, disclosed on May 6, 2025, affect…
Radware Cloud Web App Firewall Flaw Allows Attackers to Bypass Security Filters
Security researchers have uncovered two critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that enable attackers to bypass security filters and deliver malicious payloads to protected web applications. These flaws, designated CVE-2024-56523 and CVE-2024-56524, highlight systemic weaknesses in how…
ESET Reveals How to Spot Fake Calls Demanding Payment for ‘Missed Jury Duty’
ESET, a leading cybersecurity firm, has shed light on one particularly insidious scheme: fake calls purportedly from government officials demanding payment for ‘missed jury duty’. Here’s how to identify and protect against these scams. Scammers employing these tactics often impersonate…
New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations
A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco Talos, active since at least January 2025. This campaign exploits commercial remote monitoring and management (RMM) tools, such as PDQ Connect and N-able Remote Access, to…
Researchers Turn the Tables: Scamming the Scammers in Telegram’s PigButchering Scheme
Cybersecurity specialists have devised an innovative approach to combat an emerging cybercrime called “PigButchering” on the Telegram platform. This form of cyber fraud involves scammers cultivating false relationships with victims over time, much like fattening a pig for slaughter, only…
Ransomware-as-a-Service (RaaS) Emerges as a Leading Framework for Cyberattacks
Ransomware-as-a-Service (RaaS) has solidified its position as the dominant framework driving ransomware attacks in 2024, according to the latest insights from Kaspersky ahead of International Anti-Ransomware Day on May 12. Kaspersky Security Network data reveals an 18% drop in ransomware…
DOGE Big Balls Ransomware Leverages Open-Source Tools and Custom Scripts for Multi-Stage Attacks
A recent discovery by Netskope Threat Labs has brought to light a highly complex ransomware variant dubbed “DOGE Big Balls,” a derivative of the Fog ransomware. Named provocatively after the Department of Government Efficiency (DOGE), this ransomware incorporates political statements…
Guess Which Browser Tops the List for Data Collection!
Google Chrome has emerged as the undisputed champion of data collection among 10 popular web browsers studied on the Apple App Store. Collecting a staggering 20 different data types, Chrome surpasses all competitors by a significant margin. From personal contact…
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users
Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in X/Twitter’s advertising display URL feature to deceive users. This attack manipulates the platform’s URL display mechanism to present a legitimate-looking link, such as “From CNN[.]com,”…
AI-Driven Fake Vulnerability Reports Flooding Bug Bounty Platforms
AI-generated bogus vulnerability reports, or “AI slop,” are flooding bug bounty platforms, which is a worrying trend in the cybersecurity space. These fraudulent submissions, crafted by large language models (LLMs), mimic technical jargon convincingly enough to pass initial scrutiny but…
Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information
The Google Threat Intelligence Group (GTIG) has uncovered a sophisticated new malware dubbed LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER, also known as UNC4057, Star Blizzard, and Callisto. Active since at least December 2023, with significant campaigns observed…
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered…
Microsoft Bookings Vulnerability Allows Unauthorized Changes to Meeting Details
Security researchers have uncovered a significant vulnerability in Microsoft Bookings, the scheduling tool integrated with Microsoft 365. The flaw, discovered through technical analysis of the service’s appointment creation and update APIs, allows unauthorized modification of meeting details, posing risks such…
Nmap 7.96 Released with Enhanced Scanning Capabilities and Updated Libraries
The popular network mapping and security auditing tool Nmap has released version 7.96, featuring a host of significant improvements. This latest version introduces parallel forward DNS resolution for dramatically faster hostname scanning, upgraded core libraries, new scripting capabilities, and enhanced…
Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges
Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple privilege escalation vulnerabilities in its widely used IOS XE Software. The flaws could allow attackers with existing high-level device access to gain root privileges, jeopardizing the…
Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots
Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its widely used IOS, IOS XE, and IOS XR software. The flaw, tracked as CVE-2025-20154, allows unauthenticated attackers to trigger denial-of-service (DoS) conditions by forcing devices to…