A critical vulnerability in Insyde H2O UEFI firmware (tracked as CVE-2025-XXXX) allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. This flaw exposes millions of devices to pre-boot malware and kernel-level rootkits…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Outlook Vulnerability Allows Remote Execution of Arbitrary Code by Attackers
Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code from a user’s own machine. However, the…
Windows Common Log File System Driver Flaw Allows Attackers to Escalate Privileges
Microsoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing significant risks to…
Windows Task Scheduler Flaw Allows Attackers to Escalate Privileges
A critical elevation of privilege vulnerability has been identified in the Windows Task Scheduler service, tracked as CVE-2025-33067. Officially published on June 10, 2025, by Microsoft as the assigning CNA (CVE Numbering Authority), this flaw allows attackers to potentially gain…
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities,…
CoreDNS Vulnerability Allows Attackers to Exhaust Server Memory via Amplification Attack
A high-severity vulnerability (CVE-2025-47950) in CoreDNS’s DNS-over-QUIC (DoQ) implementation enables remote attackers to crash DNS servers through stream amplification attacks. Patched in v1.21.2, this flaw highlights risks in modern protocol adoption for cloud-native systems Goroutine Proliferation in DoQ Implementation The…
Apache CloudStack Flaw Allows Attackers to Execute Privileged Actions
Apache CloudStack, a leading open-source cloud management platform, has announced the immediate availability of new Long-Term Support (LTS) releases—version 4.19.3.0 and 4.20.1.0—to address multiple critical security vulnerabilities. The advisory, published by PMC member Pearl Dsilva on June 10, 2025, highlights…
HPE Aruba Network Flaw Exposes Sensitive Data to Potential Hackers
HPE Aruba Networking has issued a critical security advisory regarding a high-severity vulnerability in its Private 5G Core Platform. Tracked as CVE-2025-37100, the flaw enables unauthorized access to sensitive system files, posing a significant risk to enterprise confidentiality and infrastructure…
Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to…
Multiple Chrome Flaws Enable Remote Code Execution by Attackers
Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for…