
SoundCloud Confirms Data Breach After Hackers Steal User Account Information

By: Divya

SoundCloud has publicly disclosed a significant data breach affecting approximately 20% of its user base. The music streaming platform confirmed that unauthorized actors gained access to limited user account information through a compromised ancillary service dashboard, prompting immediate containment measures and a comprehensive security response. The Incident Details The company discovered unauthorized activity within an […]

The post SoundCloud Confirms Data Breach After Hackers Steal User Account Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to Root

By: Divya

Red Hat has disclosed a significant security flaw in OpenShift GitOps that could allow authenticated users to take complete control of a cluster. Assigned the identifier CVE-2025-13888, this vulnerability allows namespace administrators to elevate their privileges beyond their intended scope, potentially gaining root access to the entire system. CVE ID: CVE-2025-13888; Vendor Severity: Important […]


Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks

By: Divya

Fortinet’s FortiGate appliances face an immediate threat from two critical authentication bypass vulnerabilities being actively exploited in production environments. Fortinet released advisories for CVE-2025-59718 and CVE-2025-59719 on December 9, 2025, identifying critical flaws in FortiCloud SSO authentication mechanisms. These vulnerabilities enable unauthenticated attackers to bypass SSO login protections through crafted SAML messages when FortiCloud SSO is […]


JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation

By: Divya

A critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw affects JumpCloud Remote Assist for Windows versions prior to 0.317.0 and has been rated High severity (CVSS v4.0: 8.5). JumpCloud is a widely used cloud-based Directory-as-a-Service and […]


Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft

By: Divya

Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope of the incident, following a month-long production shutdown that cost the company hundreds of millions […]


Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS

By: Divya

Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments. […]


Wireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol Updates

By: Divya

Wireshark, the world’s leading network protocol analyzer, has released version 4.6.2 with critical security updates and important bug fixes. The update addresses compatibility issues, resolves multiple vulnerability concerns, and enhances protocol support for enterprise users and network engineers worldwide. Security Vulnerabilities Patched The latest release fixes two critical security vulnerabilities that could have impacted network […]


Shannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code Vulnerabilities

By: Divya

Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical security gap by delivering proof-of-concept exploits that demonstrate actual risk before attackers do. The modern development workflow has created a significant security paradox. Teams […]


NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks

By: Divya

NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA […]


Critical Plesk Vulnerability Allows Users to Gain Root-Level Access

By: Divya

A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and gain root-level access to affected systems. This flaw poses a significant threat to web hosting providers and organisations that rely on Plesk for server management. Vulnerability Overview The vulnerability allows malicious […]


Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host

By: Divya

A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database restoration files. CVE ID: CVE-2025-13780; Severity: Critical; Vulnerability Type: Remote Code Execution (RCE); Affected Component […]


Windows Remote Access Connection Manager Flaw Allows Arbitrary Code Execution

By: Divya

Security researchers have uncovered a critical unpatched vulnerability in the Windows Remote Access Connection Manager (RasMan) service that enables attackers to crash the service and facilitate local arbitrary code execution with Local System privileges. This discovery emerged during an investigation of CVE-2025-59230, which Microsoft patched in October 2025. CVE-2025-59230 represents an elevation-of-privilege vulnerability conceptually similar […]


CISA Adds Actively Exploited Sierra Router Flaw to KEV Catalog

By: Divya

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalogue, warning organisations about active exploitation in the wild. Critical File Upload Vulnerability Under Active Attack The vulnerability, tracked as CVE-2018-4063, involves an unrestricted file upload with a dangerous type weakness […]


CISA Alerts on Actively Exploited Google Chromium Zero-Day Flaw

By: Divya

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild. The flaw, tracked as CVE-2025-14174, poses a significant risk to millions of users across multiple web browsers. Vulnerability Details Security researchers discovered an out-of-bounds memory access vulnerability within […]


Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack

By: Divya

A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs. The campaign leverages dormant GitHub accounts and polished, AI-crafted repositories to distribute a previously undocumented backdoor known as PyStoreRAT. Attack Methodology The attackers employed a carefully orchestrated strategy by reactivating dormant […]


Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams

By: Divya

Researcher has officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers. This latest version reinforces the tool’s modular architecture, offering operator flexibility through a robust server/client model. Written primarily in Python 3, Empire 6.3.0 continues to streamline remote engagements with built-in encrypted communications […]


Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users

By: Divya

Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws were leveraged in extremely sophisticated attacks targeting specific individuals before iOS 26 was released. Critical WebKit Vulnerabilities Under Active Exploitation The vulnerabilities, tracked as CVE-2025-43529 and CVE-2025-14174, reside in WebKit, Apple’s […]


Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3

By: Divya

The release of Kali Linux 2025.4 marks a significant milestone for the ethical hacking distribution, bringing major architectural changes and a suite of fresh tools. This update focuses on stripping away “fluff” to prioritize performance, essential utilities, and improved hardware support. With the transition to Kernel 6.16, the platform is now faster and more stable than ever. […]


Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows

By: Divya

Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim. This strategic shift enables threat actors to write malicious code once and compile it for both Windows and Linux with minimal changes. Leading this trend is “Luca Stealer,” a newly identified information-stealing malware […]


Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files

By: Divya

Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails. The sophisticated attack primarily targets finance and accounting professionals in Russia, using social engineering tactics to deceive victims into executing malicious payloads that steal credentials, cryptocurrency wallets, browser data, and sensitive […]
