Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Weaponized VS Code Impersonate Zoom App Steals Cookies From Chrome
A newly identified extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, enabling cybercriminals to steal sensitive cookies from Google Chrome. This incident marks a significant escalation in the tactics employed by malicious…
PoC Exploit Released for TP-Link Code Execution Vulnerability(CVE-2024-54887)
A security researcher, exploring reverse engineering and exploit development, has successfully identified a critical vulnerability in the TP-Link TL-WR940N router, specifically affecting hardware versions 3 and 4 with all firmware up to the latest version. This vulnerability, which has been…
Brave Browser Vulnerability Allows Malicious Website Appears as Trusted One
A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations. The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating…
Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library
A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers…
Gootloader Malware Employs Blackhat SEO Techniques To Attack Victims
The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers. By leveraging compromised legitimate WordPress websites, Gootloader’s operators manipulate Google search results to redirect users to a deceptive online message board. They link the malware to a simulated…
Beware! Fake SBI Reward APK Attacking Users to Deliver Android Malware
A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups. The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI…
Apache CXF Vulnerability Triggers DoS Attack
Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack…
Microsoft Rolls Out New Administrator Protection Feature Under Windows Security
Microsoft has announced the release of Windows 11 Insider Preview Build 27774 to the Canary Channel. This build comes packed with enhancements, including a significant new feature aimed at bolstering system security—Administrator Protection. The highlight of this update is the…
New Contacto Ransomware Evades AV Detection & Uses Windows Console for Execution
In early January 2025, a new ransomware strain identified as Contacto surfaced, showcasing advanced techniques designed to bypass conventional security measures. This analysis provides insights into its operational mechanisms, particularly suited for professionals venturing into ransomware analysis. Operational Mechanisms Upon…