Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed “SOAPwn,” that enables remote code execution across multiple enterprise-grade platforms. Presented at Black Hat Europe 2025 by Piotr Bazydlo, the research reveals a fundamental design flaw in the framework’s handling of SOAP client proxies and WSDL imports. […]

The post New “SOAPwn” .NET Flaws Expose Barracuda, Ivanti, and Microsoft Devices to RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jenkins has released a critical security advisory addressing a high-severity denial-of-service vulnerability affecting millions of organizations that rely on the popular automation server. The flaw, tracked as CVE-2025-67635, allows unauthenticated attackers to disrupt Jenkins instances by exploiting improper handling of corrupted HTTP-based CLI connections. Vulnerability Overview The vulnerability resides in Jenkins’ HTTP-based command-line interface, where […]

The post High-Severity Jenkins Flaw Enables Unauthenticated DoS Through HTTP CLI appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated phishing toolkit dubbed “Spiderman” has emerged as a significant threat to European banking customers, enabling cybercriminals to create convincing fake login pages for dozens of financial institutions with just a few clicks. This development marks a dangerous evolution in phishing-as-a-service operations targeting the financial sector. Professional Phishing Framework Targets Multiple Countries The Spiderman […]

The post New “Spiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Shadowserver Foundation has issued an urgent update regarding the critical “React2Shell” vulnerability, identifying a massive attack surface that remains exposed to potential exploitation. Following targeted improvements to their scanning infrastructure on December 8, 2025, researchers discovered that over 644,000 domains and 165,000 unique IP addresses are still running vulnerable instances of React Server Components. […]

The post 644K+ Websites at Risk Due to Critical React Server Components Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Parrot Security OS has unveiled its highly anticipated 7.0 beta release, marking a significant milestone with the integration of Debian 13 and a complete desktop environment overhaul. The new version brings substantial stability improvements and modernized infrastructure designed to enhance both user experience and developer workflows. The development team has invested considerable effort into reimagining […]

The post Parrot 7.0 Beta Introduces Debian 13 and a Fully Redesigned Desktop appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, that allows attackers to exfiltrate sensitive corporate data without any user interaction or security alerts. The flaw exploits an architectural weakness in how enterprise AI systems process and interpret information, turning the AI itself into an unauthorized access layer for corporate data. How […]

The post Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard […]

The post Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s […]

The post Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft’s final Patch Tuesday of 2025 has been released, addressing 56 vulnerabilities across its product suite. The December update includes patches for three zero-day vulnerabilities, one of which is confirmed to be actively exploited in the wild. Among the resolved flaws, two are rated as “Critical,” while the remaining 54 are classified as “Important” in […]

The post Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw […]

The post Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Copilot, the AI tool many businesses use daily, is facing significant problems today. Users in the United Kingdom and parts of Europe are reporting that they cannot access the service. Others say that even if they can log in, many features are broken or not working correctly. Microsoft has confirmed the problem. On their […]

The post Microsoft Copilot Outage Disrupts UK and Europe With Access Failures and Broken Features appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high‑severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious […]

The post SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver & More appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical “React2Shell” vulnerabilities. This update addresses two high-severity security flaws, CVE-2025-55182 and CVE-2025-66478. Why This Update Matters React2Shell vulnerabilities are critical because they allow attackers to execute remote […]

The post Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered critical vulnerabilities in the Model Context Protocol (MCP) sampling feature that enable malicious servers to execute stealthy prompt injection attacks, drain computational resources, and compromise large language model applications without user detection. The findings reveal three primary attack vectors that exploit the protocol’s inherent trust model and lack of robust security […]

The post Malicious MCP Servers Enable Stealthy Prompt Injection to Drain System Resources appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Polish authorities have arrested three Ukrainian citizens after discovering sophisticated hacking equipment, including FLIPPER devices, during a routine traffic stop in Warsaw. The discovery marks a significant operation targeting cybercriminals allegedly traveling across Europe and conducting cyberattacks against critical infrastructure. Officers from Warsaw’s Śródmieście district stopped a Toyota sedan on Senatorska Street. They found three […]

The post Hackers Using FLIPPER Devices to Breach IT Systems Arrested by Authorities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

India’s government is considering a controversial proposal that could require smartphone manufacturers to enable satellite location tracking on all devices permanently. The plan has sparked significant backlash from major tech companies, including Apple, Google, and Samsung, who argue the measure poses serious privacy and security risks. The proposal originates in India’s telecom industry, specifically the […]

The post Apple, Google, and Samsung May Soon Activate Always-On GPS in India appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered affecting billions of WhatsApp and Signal users worldwide. Researchers found that hackers can exploit delivery receipts to secretly monitor user activity, track daily routines, and drain battery life, all without leaving any visible trace.​ The attack, called “Careless Whisper,” uses the delivery receipt feature that confirms when messages reach their […]

The post Hackers Exploit Delivery Receipts in Messaging Apps to Steal Users’ Private Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed “React2Shell” by the security community is currently being exploited in the wild, prompting urgent calls for remediation. React2Shell is a Remote Code Execution […]

The post CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hundreds of Porsche owners across Russia are facing a significant problem as their luxury cars have suddenly stopped working. The issue stems from a failure in the factory-installed security and tracking systems, which have completely shut down the vehicles. According to reports from the Rolf dealership network, the largest Porsche service provider in Russia, the […]

The post Porsche Cars Disabled After Major Failure in Installed Satellite Security System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Next.js developers have a new weapon in the fight against the critical “React2Shell” vulnerability. This new scanner offers a simple, one-line solution for development teams to identify vulnerable versions of Next.js and React Server Components (RSC) and apply the necessary security updates instantly. Vercel Labs has released a dedicated command-line tool, fix-react2shell-next, designed to automatically detect […]

The post Next.js Releases Scanner to Detect and Fix Apps Affected by React2Shell Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.