Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The sophisticated attack primarily targets finance and accounting professionals in Russia, using social engineering tactics to deceive victims into executing malicious payloads that steal credentials, cryptocurrency wallets, browser data, and sensitive […]

The post Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development worldwide. The comprehensive analysis draws from over 39,080 CVE records, providing security professionals and developers with actionable intelligence to strengthen their defenses. MITRE 2025 list reveals significant shifts in the vulnerability […]

The post MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing concerns about boot-level security vulnerabilities that have exposed organizations to firmware-based threats and persistent malware attacks.​ Recent vulnerabilities, including PKFail, BlackLotus, and BootHole, have demonstrated significant gaps in Secure Boot implementations […]

The post CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical privilege escalation vulnerability in Microsoft Windows Cloud Files Mini Filter Driver is now under active exploitation, according to a new Cybersecurity and Infrastructure Security Agency (CISA) advisory. The vulnerability, tracked as CVE-2025-62221, poses a significant risk to Windows systems and has prompted urgent security recommendations. The use-after-free vulnerability allows authorized attackers to escalate […]

The post CISA Alerts on Active Exploitation of Windows Cloud Files Mini Filter 0-Day appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A comprehensive security analysis has uncovered a critical vulnerability in container image distribution: more than 10,000 Docker Hub images containing leaked production credentials from over 100 organizations, including a Fortune 500 company and a central national bank. The research, conducted in November 2025, reveals an alarming trend in which developers unknowingly embed sensitive credentials directly […]

The post 10,000+ Docker Hub Images Exposed with Live Production Credentials from 100+ Firms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft accounts without requiring passwords or bypassing multi-factor authentication. The campaign targets users explicitly by abusing the Azure CLI OAuth application. This first-party Microsoft tool enjoys implicit trust within enterprise environments. […]

The post ConsentFix Attack Lets Hackers Hijack Microsoft Accounts via Azure CLI Abuse appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, no official patch is available to mitigate this threat, leaving thousands of instances vulnerable to remote […]

The post Gogs 0-Day Actively Exploited to Compromise Over 700 Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic and install malicious software on users’ systems. Notepad++ Flaw Security experts recently reported incidents in which the […]

The post Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week’s critical “React2Shell” vulnerability. While these new issues do not allow for Remote Code Execution (RCE), they still pose significant […]

The post Severe Flaws in React Server Components Enable DoS Attacks and Code Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed “SOAPwn,” that enables remote code execution across multiple enterprise-grade platforms. Presented at Black Hat Europe 2025 by Piotr Bazydlo, the research reveals a fundamental design flaw in the framework’s handling of SOAP client proxies and WSDL imports. […]

The post New “SOAPwn” .NET Flaws Expose Barracuda, Ivanti, and Microsoft Devices to RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jenkins has released a critical security advisory addressing a high-severity denial-of-service vulnerability affecting millions of organizations that rely on the popular automation server. The flaw, tracked as CVE-2025-67635, allows unauthenticated attackers to disrupt Jenkins instances by exploiting improper handling of corrupted HTTP-based CLI connections. Vulnerability Overview The vulnerability resides in Jenkins’ HTTP-based command-line interface, where […]

The post High-Severity Jenkins Flaw Enables Unauthenticated DoS Through HTTP CLI appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated phishing toolkit dubbed “Spiderman” has emerged as a significant threat to European banking customers, enabling cybercriminals to create convincing fake login pages for dozens of financial institutions with just a few clicks. This development marks a dangerous evolution in phishing-as-a-service operations targeting the financial sector. Professional Phishing Framework Targets Multiple Countries The Spiderman […]

The post New “Spiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Shadowserver Foundation has issued an urgent update regarding the critical “React2Shell” vulnerability, identifying a massive attack surface that remains exposed to potential exploitation. Following targeted improvements to their scanning infrastructure on December 8, 2025, researchers discovered that over 644,000 domains and 165,000 unique IP addresses are still running vulnerable instances of React Server Components. […]

The post 644K+ Websites at Risk Due to Critical React Server Components Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Parrot Security OS has unveiled its highly anticipated 7.0 beta release, marking a significant milestone with the integration of Debian 13 and a complete desktop environment overhaul. The new version brings substantial stability improvements and modernized infrastructure designed to enhance both user experience and developer workflows. The development team has invested considerable effort into reimagining […]

The post Parrot 7.0 Beta Introduces Debian 13 and a Fully Redesigned Desktop appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, that allows attackers to exfiltrate sensitive corporate data without any user interaction or security alerts. The flaw exploits an architectural weakness in how enterprise AI systems process and interpret information, turning the AI itself into an unauthorized access layer for corporate data. How […]

The post Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard […]

The post Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s […]

The post Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft’s final Patch Tuesday of 2025 has been released, addressing 56 vulnerabilities across its product suite. The December update includes patches for three zero-day vulnerabilities, one of which is confirmed to be actively exploited in the wild. Among the resolved flaws, two are rated as “Critical,” while the remaining 54 are classified as “Important” in […]

The post Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw […]

The post Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Copilot, the AI tool many businesses use daily, is facing significant problems today. Users in the United Kingdom and parts of Europe are reporting that they cannot access the service. Others say that even if they can log in, many features are broken or not working correctly. Microsoft has confirmed the problem. On their […]

The post Microsoft Copilot Outage Disrupts UK and Europe With Access Failures and Broken Features appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.