Cybersecurity threats continue to evolve, with malicious actors exploiting popular platforms like Google Ads to spread malware. Recently, a sophisticated campaign targeting DeepSeek users has been uncovered, highlighting the ongoing risks associated with sponsored search results. The Threat Landscape DeepSeek,…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List
The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN…
PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities
A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments. This vulnerability allows for Remote Code Execution (RCE) through the validating webhook server integrated into Ingress-NGINX. A Proof of Concept (PoC) exploit…
New “ReaderUpdate” macOS Malware Evolves with Nim and Rust Variants
Security researchers at SentinelOne have discovered that ReaderUpdate, a macOS malware loader platform that has been active since at least 2020, has significantly evolved with new variants written in multiple programming languages. The malware, which previously went relatively unnoticed by…
Advanced CoffeeLoader Malware Evades Security to Deliver Rhadamanthys Shellcode
Security researchers at Zscaler ThreatLabz have identified a new sophisticated malware family called CoffeeLoader, which emerged around September 2024. This advanced loader employs numerous techniques to bypass security solutions and evade detection while delivering second-stage payloads, particularly the Rhadamanthys stealer.…
CodeQLEAKED: GitHub Supply Chain Attack Enables Code Execution via CodeQL Repositories
A recent discovery has revealed a potential supply chain attack vulnerability in GitHub’s CodeQL repositories, which could have led to wide-ranging consequences for hundreds of thousands of GitHub users. The exploit hinges on a publicly exposed secret found in a…
OpenAI Offers Up to $100,000 for Critical Infrastructure Vulnerability Reports
OpenAI has announced major updates to its cybersecurity initiatives. The company is expanding its Security Bug Bounty Program, increasing the maximum reward for critical vulnerability reports to $100,000, up from $20,000 previously. This enhanced program aims to attract top security…
Exim Use-After-Free Vulnerability Enables Privilege Escalation
A significant security threat has been uncovered in Exim, a popular open-source mail transfer agent (MTA) widely used in Linux distributions. Identified as CVE-2025-30232, this vulnerability allows for a potentially severe form of exploitation known as a use-after-free (UAF). This…
12 Cybercriminals Arrested After Ghost Communication Platform Shutdown
Law enforcement agencies have successfully dismantled a clandestine communication platform known as “Ghost,” which was used by cybercriminals to coordinate illicit activities. This significant crackdown resulted in the arrest of 12 key suspects, marking a major victory in the fight…
Splunk RCE Vulnerability Enables Remote Code Execution via File Upload
A severe vulnerability in Splunk Enterprise and Splunk Cloud Platform has been identified, allowing for Remote Code Execution (RCE) via file uploads. This exploit can be triggered by a low-privileged user, highlighting significant security risks for affected organizations. Vulnerability Overview:…