A critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw affects JumpCloud Remote Assist for Windows versions prior to 0.317.0 and has been rated High severity (CVSS v4.0: 8.5). JumpCloud is a widely used cloud-based Directory-as-a-Service and […]

The post JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope of the incident, following a month-long production shutdown that cost the company hundreds of millions […]

The post Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments. […]

The post Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Wireshark, the world’s leading network protocol analyzer, has released version 4.6.2 with critical security updates and important bug fixes. The update addresses compatibility issues, resolves multiple vulnerability concerns, and enhances protocol support for enterprise users and network engineers worldwide. Security Vulnerabilities Patched The latest release fixes two critical security vulnerabilities that could have impacted network […]

The post Wireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical security gap by delivering proof-of-concept exploits that demonstrate actual risk before attackers do. The modern development workflow has created a significant security paradox. Teams […]

The post Shannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA […]

The post NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and gain root-level access to affected systems. This flaw poses a significant threat to web hosting providers and organisations that rely on Plesk for server management. Vulnerability Overview The vulnerability allows malicious […]

The post Critical Plesk Vulnerability Allows Users to Gain Root-Level Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database restoration files. CVE ID CVE-2025-13780 Severity Critical Vulnerability Type Remote Code Execution (RCE) Affected Component […]

The post Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered a critical unpatched vulnerability in the Windows Remote Access Connection Manager (RasMan) service that enables attackers to crash the service and facilitate local arbitrary code execution with Local System privileges. This discovery emerged during an investigation of CVE-2025-59230, which Microsoft patched in October 2025. CVE-2025-59230 represents an elevation-of-privilege vulnerability conceptually similar […]

The post Windows Remote Access Connection Manager Flaw Allows Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalogue, warning organisations about active exploitation in the wild. Critical File Upload Vulnerability Under Active Attack The vulnerability, tracked as CVE-2018-4063, involves an unrestricted file upload with a dangerous type weakness […]

The post CISA Adds Actively Exploited Sierra Router Flaw to KEV Catalog appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild. The flaw, tracked as CVE-2025-14174, poses a significant risk to millions of users across multiple web browsers. Vulnerability Details Security researchers discovered an out-of-bounds memory access vulnerability within […]

The post CISA Alerts on Actively Exploited Google Chromium Zero-Day Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs. The campaign leverages dormant GitHub accounts and polished, AI-crafted repositories to distribute a previously undocumented backdoor known as PyStoreRAT. Attack Methodology The attackers employed a carefully orchestrated strategy by reactivating dormant […]

The post Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researcher has officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers. This latest version reinforces the tool’s modular architecture, offering operator flexibility through a robust server/client model. Written primarily in Python 3, Empire 6.3.0 continues to streamline remote engagements with built-in encrypted communications […]

The post Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws were leveraged in extremely sophisticated attacks targeting specific individuals before iOS 26 was released. Critical WebKit Vulnerabilities Under Active Exploitation The vulnerabilities, tracked as CVE-2025-43529 and CVE-2025-14174, reside in WebKit, Apple’s […]

The post Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The release of Kali Linux 2025.4 marks a significant milestone for the ethical hacking distribution, bringing major architectural changes and a suite of fresh tools. This update focuses on stripping away “fluff” to prioritize performance, essential utilities, and improved hardware support. With the transition to Kernel 6.16, the platform is now faster and more stable than ever. […]

The post Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim. This strategic shift enables threat actors to write malicious code once and compile it for both Windows and Linux with minimal changes. Leading this trend is “Luca Stealer,” a newly identified information-stealing malware […]

The post Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The sophisticated attack primarily targets finance and accounting professionals in Russia, using social engineering tactics to deceive victims into executing malicious payloads that steal credentials, cryptocurrency wallets, browser data, and sensitive […]

The post Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development worldwide. The comprehensive analysis draws from over 39,080 CVE records, providing security professionals and developers with actionable intelligence to strengthen their defenses. MITRE 2025 list reveals significant shifts in the vulnerability […]

The post MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing concerns about boot-level security vulnerabilities that have exposed organizations to firmware-based threats and persistent malware attacks.​ Recent vulnerabilities, including PKFail, BlackLotus, and BootHole, have demonstrated significant gaps in Secure Boot implementations […]

The post CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical privilege escalation vulnerability in Microsoft Windows Cloud Files Mini Filter Driver is now under active exploitation, according to a new Cybersecurity and Infrastructure Security Agency (CISA) advisory. The vulnerability, tracked as CVE-2025-62221, poses a significant risk to Windows systems and has prompted urgent security recommendations. The use-after-free vulnerability allows authorized attackers to escalate […]

The post CISA Alerts on Active Exploitation of Windows Cloud Files Mini Filter 0-Day appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.