A critical cross-site scripting (XSS) vulnerability in the popular Jenkins Gatling Plugin allows attackers to bypass Content-Security-Policy (CSP) protections. The vulnerability, tracked as CVE-2025-5806, affects Gatling Plugin version 136.vb_9009b_3d33a_e and poses significant risks to Jenkins environments utilizing this performance testing…
Tag: Cyber Security News
Arkana Ransomware Group Allegedly Claims Breach of Ticketmaster Databases
Arkana Security Group claims to have successfully gained access to Ticketmaster’s database infrastructure and exfiltrated massive volumes of sensitive customer data. The threat actors have reportedly announced their intentions to sell comprehensive datasets containing ticket sales records, payment methodologies, customer…
Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide
A critical zero-day vulnerability discovered in Salesforce‘s default controller has exposed millions of user records across thousands of deployments worldwide. The security flaw, found in the built-in aura://CsvDataImportResourceFamilyController/ACTION$getCsvAutoMap controller, allowed attackers to extract sensitive user information and document details through…
New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware
A sophisticated new malware attack vector that manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems. This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…
PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution
A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vulnerability, tracked as CVE-2025-32756, carries a maximum CVSS score of 9.8 and enables unauthenticated remote…
Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of…
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics,…
Hackers Using New ClickFix Technique To Exploits Human Error Via Fake Prompts
Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional…
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools…
New ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware Silently
A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads…