Cal.com has disclosed a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to user accounts by exploiting a flaw in password verification logic. The flaw, tracked as CVE-2025-66489 and assigned a critical CVSS v4 score of 9.3, affects all versions of Cal.com up to and including 5.9.7. Users are urged to […]

The post Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked as CVE-2025-55182 and dubbed “React2Shell,” affects React and downstream ecosystems, including the popular Next.js framework, prompting urgent calls for immediate patching. CVE ID Vulnerability CVSS Score Severity […]

The post Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered critical infrastructure details for the notorious LockBit 5.0 ransomware operation, including the IP address 205.185.116.233 and the domain karma0.xyz, which hosts the group’s latest leak site. The discovery represents a significant operational security failure for the cybercriminal organization. Cybersecurity researcher Rakesh Krishnan first publicized the findings on December 5, 2025, identifying […]

The post LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy developers, have been quietly stealing data since May 2021. The malicious packages are identified […]

The post Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice database. It published them on the dark web, compromising the personal data of individuals who received treatment or […]

The post Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating, signaling critical impact and ease of exploitation. Censys telemetry shows that more than 2.15 million internet‑facing services are […]

The post 2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of Poland’s most prominent banking institutions.​ Novel Malware with Advanced Capabilities FvncBot represents an entirely new […]

The post FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAFA researchers uncovered four kernel heap overflow vulnerabilities in Avast Antivirus’s aswSnx.sys driver, designated CVE-2025-13032, affecting versions before 25.3 on Windows. These flaws originate from double-fetch issues in IOCTL handling, allow local attackers to trigger pool overflows for privilege escalation to SYSTEM. The vulnerabilities require sandbox manipulation to access the attack surface, marking a reversal […]

The post Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed critical vulnerability in Apache Tika could allow attackers to compromise servers by simply uploading a malicious PDF file, according to a security advisory published by Apache maintainers. Tracked as CVE-2025-66516, the flaw affects Apache Tika core, Apache Tika parsers, and the Apache Tika PDF parser module. CVE ID Severity Vulnerability Type Affected Component Affected Versions CVE-2025-66516 Critical XML External […]

The post Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The UK’s National Cyber Security Centre (NCSC) has introduced a new initiative designed to protect organisations from cyber threats. Working alongside Netcraft, the NCSC has launched the Proactive Notification Service, a groundbreaking program that identifies and alerts system owners about security vulnerabilities affecting their networks. How the Service Works The Proactive Notification Service operates by scanning […]

The post NCSC Launches Proactive Notification Service to Alert System Owners of Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cloudflare has announced that it is currently experiencing a significant outage impacting its Dashboard and Cloudflare API services. Many users around the world are reporting issues such as 500 Internal Server Errors, failed API requests, and sudden disruptions in tools that depend on Cloudflare’s backend systems. According to the cloudflare, the problem mainly affects the […]

The post Cloudflare Outage Triggers Widespread 500 Internal Server Errors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated phishing campaign is targeting users through Microsoft Teams notifications, exploiting the platform’s trusted status to deliver deceptive messages that appear legitimate to both recipients and email security filters. Threat actors are leveraging Teams’ official notification system to send emails from the no-reply@teams.mail.microsoft address, creating a false sense of authenticity that makes detection increasingly difficult. The […]

The post Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed security flaw in the open-source monitoring platform Cacti could allow attackers to execute arbitrary commands on vulnerable servers. The issue, rated High severity and tracked as CVE-2025-66399, affects Cacti versions up to and including 1.2.28. The problem has been fixed in Cacti 1.2.29. The vulnerability stems from improper input validation in the SNMP device configuration workflow. When an authenticated […]

The post Cacti Command Injection Flaw Allows Remote Execution of Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed “BRICKSTORM.” According to the advisory released, state-sponsored hackers from the People’s Republic of China (PRC) are actively using this tool to infiltrate and hide […]

The post CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A security researcher has unveiled a novel web exploitation technique dubbed “SVG clickjacking,” which significantly elevates the sophistication of traditional user-interface redress attacks. Unlike standard clickjacking, which typically involves tricking users into clicking a hidden button on a static overlay, this new method allows attackers to create complex, responsive, and highly interactive fake interfaces that […]

The post New SVG Technique Enables Highly Interactive Clickjacking Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track gut health, hydration, and other wellness metrics by analyzing bowel contents. However, the investigation reveals the company’s assurances about data protection are misleading. Kohler prominently advertises “end-to-end encryption” across its […]

The post Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A newly available Python-based scanner is transforming how organizations assess their exposure to CVE-2025-55182 by introducing a sophisticated surface […]

The post New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for […]

The post Vim for Windows Flaw Lets Attackers Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now tracked as CVE-2025-66373. Field Detail CVE ID CVE-2025-66373 Vendor Akamai Component Akamai edge servers Vulnerability […]

The post Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant cybersecurity incident affecting multiple U.S. financial institutions came to light on November 26, 2025, when Marquis Software Solutions notified affected customers of a ransomware attack. The breach, discovered on August 14, 2025, compromised the personal information of thousands of customers across numerous banks and credit unions throughout the United States. Marquis Software Solutions, […]

The post Marquis Data Breach Exposes Dozens of U.S. Banks and Credit Unions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.