Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation

By: Divya

SAFA researchers uncovered four kernel heap overflow vulnerabilities in Avast Antivirus’s aswSnx.sys driver, designated CVE-2025-13032, affecting versions before 25.3 on Windows. These flaws originate from double-fetch issues in IOCTL handling and allow local attackers to trigger pool overflows for privilege escalation to SYSTEM. The vulnerabilities require sandbox manipulation to access the attack surface, marking a reversal […]

The post Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads

By: Divya

A newly disclosed critical vulnerability in Apache Tika could allow attackers to compromise servers by simply uploading a malicious PDF file, according to a security advisory published by Apache maintainers. Tracked as CVE-2025-66516, the flaw affects Apache Tika core, Apache Tika parsers, and the Apache Tika PDF parser module. CVE ID Severity Vulnerability Type Affected Component Affected Versions CVE-2025-66516 Critical XML External […]

Cacti Command Injection Flaw Allows Remote Execution of Malicious Code

By: Divya

A newly disclosed security flaw in the open-source monitoring platform Cacti could allow attackers to execute arbitrary commands on vulnerable servers. The issue, rated High severity and tracked as CVE-2025-66399, affects Cacti versions up to and including 1.2.28. The problem has been fixed in Cacti 1.2.29. The vulnerability stems from improper input validation in the SNMP device configuration workflow. When an authenticated […]

New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)

By: Divya

Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A newly available Python-based scanner is transforming how organizations assess their exposure to CVE-2025-55182 by introducing a sophisticated surface […]

Vim for Windows Flaw Lets Attackers Execute Arbitrary Code

By: Divya

A high-severity vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for […]

Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers

By: Divya

Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now tracked as CVE-2025-66373. Field Detail CVE ID CVE-2025-66373 Vendor Akamai Component Akamai edge servers Vulnerability […]

Longwatch RCE Flaw Allows Attackers to Run Remote Code with Elevated Privileges

By: Divya

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical remote code execution vulnerability affecting Industrial Video & Control’s Longwatch video surveillance and monitoring system. The flaw enables unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges, posing significant risks to organizations using the affected platform. Critical Vulnerability Details The […]

Critical Elementor Plugin Flaw Allows Attackers to Seize WordPress Admin Control

By: Divya

A severe privilege escalation vulnerability in the King Addons for Elementor WordPress plugin has exposed thousands of websites to complete administrative compromise. The flaw, tracked as CVE-2025-8489 with a critical CVSS score of 9.8, allows unauthenticated attackers to register with administrator-level privileges, granting threat actors complete control of the site. Field Details CVE ID CVE-2025-8489 […]

Angular Platform Vulnerability Lets Attackers Execute Code Through Malicious SVG Animations

By: Divya

The Angular team has released security updates to address a high-severity vulnerability in the Angular Template Compiler. Tracked as CVE-2025-66412, this flaw allows attackers to bypass built-in security protections and execute malicious code inside a user’s browser. The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue. It stems from an incomplete security schema […]

CISA Alerts on Iskra iHUB Authentication Flaw Allowing Remote Device Reconfiguration

By: Divya

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe authentication vulnerability affecting Iskra iHUB and iHUB Lite intelligent metering gateways worldwide. Assigned CVE-2025-13510 with a CVSS score of 9.3, this vulnerability represents a significant threat to critical infrastructure in the energy sector and beyond. The flaw, classified as missing […]

Multiple Django Vulnerabilities Expose Applications to SQL Injection and DoS Attacks

By: Divya

The Django development team has released critical security patches for three major versions of the popular Python web framework, addressing two significant vulnerabilities that could expose applications to SQL injection attacks and denial-of-service conditions. The updates, issued on December 2, 2025, affect Django versions 5.2.9, 5.1.15, and 4.2.27, as well as the upcoming Django 6.0 […]

Chrome 143 Update Patches 13 Security Vulnerabilities Allowing Arbitrary Code Execution

By: Divya

Google has released Chrome 143 to the stable channel, addressing 13 security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update is now rolling out to Windows, Mac, and Linux users worldwide. The latest version, Chrome 143.0.7499.40 for Linux and Chrome 143.0.7499.40/41 for Windows and Mac, brings essential security fixes […]

nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies

By: Divya

Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform […]

Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants

By: Divya

A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers it working “by design.” The Vulnerability Security researcher Mihalis Haatainen from Finnish cybersecurity firm Bountyy Oy discovered […]

OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks

By: Divya

Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are […]

Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild

By: Divya

Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention from device manufacturers and users. Active Exploitation Confirmed The two CVEs under active exploitation, CVE-2025-48633 […]

Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks

By: Divya

A new security flaw has been found in Apache Struts, a popular open‑source web application framework used by many companies worldwide. The issue, tracked as CVE‑2025‑64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly. Field Details CVE ID CVE-2025-64775 Vulnerability Title Apache Struts flaw allows attackers to launch disk […]

OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands

By: Divya

OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or approval. Security researchers Isabel Mill and Oded Vanunu discovered the flaw, tracked as CVE-2025-61260, on December 1, 2025. Attribute Details CVE ID CVE-2025-61260 […]

Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process

By: Divya

Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup. The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software. […]

Devolutions Server Hit by SQL Injection Flaw Allowing Data Theft

By: Divya

A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutions, the company behind the software, released a security advisory (DEVO-2025-0018) on November 27, 2025, detailing three separate […]

