Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, affect versions of Ivanti Workspace Control prior to…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Severe SAP NetWeaver Vulnerability Allows Attackers to Bypass Authorization Checks
SAP has released nineteen security patches in its June Patch Day, addressing critical vulnerabilities that could allow attackers to bypass authorization controls and escalate privileges across multiple enterprise systems. The update includes two HotNews Notes and seven High Priority Notes,…
Hackers Persist in Using ConnectWise ScreenConnect Tool to Distribute Malware
Hackers continue to exploit the ConnectWise ScreenConnect remote management and monitoring (RMM) tool to deploy malicious payloads, with a focus on financial organizations. An independent researcher first reported a potential critical vulnerability in ScreenConnect versions 23.9.7 and prior through the…
ISPConfig Vulnerability Allows Privilege Escalation to Superadmin and PHP Code Injection Exploit
A critical security vulnerability has been identified in ISPConfig version 3.2.12p1, a widely used open-source web hosting control panel. The vulnerability allows authenticated attackers to escalate their privileges to that of a superadmin and execute arbitrary PHP code remotely, posing…
New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques
Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely on embedded malicious links, these sophisticated attacks exploit the inherent…
Critical Vulnerability in Lovable’s Security Policies Allows Malicious Code Injection
Security researchers have uncovered a widespread vulnerability in Lovable’s AI-powered development platform that exposes sensitive user data and enables malicious code injection across hundreds of applications. The critical vulnerability, discovered on March 20, 2025, affects the platform’s implementation of Row…
Indian Authorities Bust Cybercriminals Posing as Microsoft Tech Support
India’s Central Bureau of Investigation (CBI), the nation’s federal law enforcement agency, launched a sweeping operation targeting cyber-enabled financial fraud networks. Raids at 19 locations across India dismantled a sophisticated tech support scam operation impersonating Microsoft, primarily victimizing older adults…
CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA…
Malicious Actors Exploit SoraAI’s Popularity & GitHub to Distribute Malware
Threat actors are leveraging the growing popularity of OpenAI’s Sora, a cutting-edge video generation model, to distribute malicious software. Disguised as a legitimate shortcut file named “SoraAI.lnk,” this information-stealing malware mimics the branding of Sora to trick users into initiating…
SAP Security Patch Day: 14 Vulnerabilities Resolved Across Various Products
SAP’s June 10, 2025 Security Patch Day delivered critical security updates addressing 14 distinct vulnerabilities across the enterprise software portfolio. The security notes span severity levels from Critical (CVSS 9.6) to Low (CVSS 3.0), encompassing core platform components, business applications,…