The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with international cybersecurity authorities, announced the release of comprehensive guidance to help organizations protect their network edge devices and appliances. This collaborative effort, involving agencies from Australia, Canada, the United Kingdom,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Over 40,000 Internet-Connected Cameras Exposed, Streaming Live Online
Bitsight TRACE has uncovered more than 40,000 security cameras openly accessible on the internet—streaming live footage from homes, offices, factories, and even sensitive datacenter rooms. This widespread exposure, which Bitsight first flagged in 2023, shows no sign of improvement, leaving…
Interpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware Variants
INTERPOL’s Operation Secure has seen the takedown of more than 20,000 malicious IP addresses and domains associated with infostealer malware. Law enforcement across 26 countries collaborated to dismantle cybercriminal infrastructure, marking a significant step forward in the fight against digital…
New Secure Boot Vulnerability Allows Attackers to Install Malware in PC and Server Boot Processes
Security researchers from Binarly have uncovered a major software vulnerability in the Unified Extensible Firmware Interface (UEFI) ecosystem, specifically impacting the Secure Boot mechanism used by almost all modern PCs and servers. Dubbed CVE-2025-3052 (BRLY-2025-001), this memory corruption flaw enables attackers…
ConnectWise to Update Code Signing Certificates for ScreenConnect, Automate, and RMM
ConnectWise, a leading provider of remote management and cyber protection tools for managed service providers (MSPs), is set to implement a significant security update affecting ScreenConnect, ConnectWise Automate, and ConnectWise RMM. The action, scheduled for June 13, 2025, at 8:00…
Linux Malware Authors Targeting Cloud Environments with ELF Binaries
Unit 42, Palo Alto Networks’ threat intelligence division, has recently conducted investigations that have revealed a worrying trend: threat actors are increasingly creating and modifying Linux Executable and Linkable Format (ELF) malware to attack cloud infrastructure. With cloud adoption skyrocketing…
Insyde UEFI Application Vulnerability Enables Digital Certificate Injection Through NVRAM Variable
A critical vulnerability in Insyde H2O UEFI firmware (tracked as CVE-2025-XXXX) allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. This flaw exposes millions of devices to pre-boot malware and kernel-level rootkits…
Outlook Vulnerability Allows Remote Execution of Arbitrary Code by Attackers
Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code from a user’s own machine. However, the…
Windows Common Log File System Driver Flaw Allows Attackers to Escalate Privileges
Microsoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing significant risks to…
Windows Task Scheduler Flaw Allows Attackers to Escalate Privileges
A critical elevation of privilege vulnerability has been identified in the Windows Task Scheduler service, tracked as CVE-2025-33067. Officially published on June 10, 2025, by Microsoft as the assigning CNA (CVE Numbering Authority), this flaw allows attackers to potentially gain…
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities,…
CoreDNS Vulnerability Allows Attackers to Exhaust Server Memory via Amplification Attack
A high-severity vulnerability (CVE-2025-47950) in CoreDNS’s DNS-over-QUIC (DoQ) implementation enables remote attackers to crash DNS servers through stream amplification attacks. Patched in v1.21.2, this flaw highlights risks in modern protocol adoption for cloud-native systems Goroutine Proliferation in DoQ Implementation The…
Apache CloudStack Flaw Allows Attackers to Execute Privileged Actions
Apache CloudStack, a leading open-source cloud management platform, has announced the immediate availability of new Long-Term Support (LTS) releases—version 4.19.3.0 and 4.20.1.0—to address multiple critical security vulnerabilities. The advisory, published by PMC member Pearl Dsilva on June 10, 2025, highlights…
HPE Aruba Network Flaw Exposes Sensitive Data to Potential Hackers
HPE Aruba Networking has issued a critical security advisory regarding a high-severity vulnerability in its Private 5G Core Platform. Tracked as CVE-2025-37100, the flaw enables unauthorized access to sensitive system files, posing a significant risk to enterprise confidentiality and infrastructure…
Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to…
Multiple Chrome Flaws Enable Remote Code Execution by Attackers
Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for…
Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild
A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon. The flaw, enabling remote code execution (RCE) through manipulation of a system’s working directory, was addressed by Microsoft…
Microsoft Patch Tuesday June 2025 – 66 Vulnerabilities Patched Including 2 Zero-Day
Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 66 vulnerabilities across its software ecosystem. This month’s updates include fixes for ten critical vulnerabilities and two zero-day flaws, one of which is actively exploited in…
ESET Details on How to Manage Your Digital Footprint
ESET, a leading cybersecurity firm, has shed light on the intricate nature of digital footprints the data trails left by users during online interactions. As the internet becomes an integral part of daily life, every click, post, and transaction contributes…
New Report Highlights the Internet as the Primary Threat to Industrial Automation Systems
A recent report by Kaspersky ICS CERT, released on June 10, 2025, sheds light on the persistent and evolving cyberthreats targeting industrial automation systems (IAS) worldwide during the first quarter of 2025. The comprehensive analysis, based on data from Kaspersky…