A critical security vulnerability has been identified in ISPConfig version 3.2.12p1, a widely used open-source web hosting control panel. The vulnerability allows authenticated attackers to escalate their privileges to that of a superadmin and execute arbitrary PHP code remotely, posing…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques
Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely on embedded malicious links, these sophisticated attacks exploit the inherent…
Critical Vulnerability in Lovable’s Security Policies Allows Malicious Code Injection
Security researchers have uncovered a widespread vulnerability in Lovable’s AI-powered development platform that exposes sensitive user data and enables malicious code injection across hundreds of applications. The critical vulnerability, discovered on March 20, 2025, affects the platform’s implementation of Row…
Indian Authorities Bust Cybercriminals Posing as Microsoft Tech Support
India’s Central Bureau of Investigation (CBI), the nation’s federal law enforcement agency, launched a sweeping operation targeting cyber-enabled financial fraud networks. Raids at 19 locations across India dismantled a sophisticated tech support scam operation impersonating Microsoft, primarily victimizing older adults…
CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA…
Malicious Actors Exploit SoraAI’s Popularity & GitHub to Distribute Malware
Threat actors are leveraging the growing popularity of OpenAI’s Sora, a cutting-edge video generation model, to distribute malicious software. Disguised as a legitimate shortcut file named “SoraAI.lnk,” this information-stealing malware mimics the branding of Sora to trick users into initiating…
SAP Security Patch Day: 14 Vulnerabilities Resolved Across Various Products
SAP’s June 10, 2025 Security Patch Day delivered critical security updates addressing 14 distinct vulnerabilities across the enterprise software portfolio. The security notes span severity levels from Critical (CVSS 9.6) to Low (CVSS 3.0), encompassing core platform components, business applications,…
Malware Deployment Campaigns: ‘Librarian Ghouls’ APT Group Targets Organizations
The Advanced Persistent Threat (APT) group known as “Librarian Ghouls,” also tracked as “Rare Werewolf” and “Rezet,” has been actively targeting organizations across Russia and the Commonwealth of Independent States (CIS) with highly sophisticated malware deployment campaigns. Active through May…
Exploitation of Critical Wazuh Server RCE Vulnerability Leads to Mirai Variant Deployment
The Akamai Security Intelligence and Response Team (SIRT) has uncovered active exploitation of a critical remote code execution (RCE) vulnerability in Wazuh servers, identified as CVE-2025-24016 with a CVSS score of 9.9. Disclosed in February 2025, this vulnerability affects Wazuh…
Vulnerability in DanaBot Malware C2 Server Leaks Threat Actor Usernames and Crypto Keys
A severe vulnerability in the command-and-control (C2) infrastructure of the notorious DanaBot malware has been uncovered, potentially exposing critical data belonging to threat actors. Researchers have identified a misconfiguration in the server setup that inadvertently leaks usernames and cryptographic keys…