A recently disclosed vulnerability in IBM InfoSphere DataStage, tracked as CVE-2025-1499, has raised concerns across the enterprise data management sector. The flaw centers on the cleartext storage of sensitive credential information, potentially exposing database authentication details to authenticated users. Below,…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical MediaTek Flaws Allow Hackers to Gain Elevated Access with No User Input
MediaTek has published its latest Product Security Bulletin, revealing several security vulnerabilities affecting a wide range of its chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT devices, computer vision systems, audio equipment, and TVs. Device OEMs…
HuluCaptcha: Fake Captcha Kit Tricks Users into Executing Code via Windows Run Command
Security researchers have identified a sophisticated phishing campaign leveraging a fake CAPTCHA verification system dubbed “HuluCaptcha” that covertly executes malicious code through the Windows Run command. The attack chain begins with seemingly legitimate CAPTCHA challenges that, upon interaction, trigger script…
Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
A high-severity security vulnerability has been identified in the Realtek Bluetooth Host Controller Interface (HCI) Adaptor, raising significant concerns for device manufacturers and end-users. The flaw, tracked as CVE-2024-11857, was disclosed on June 2, 2025, and published in both the…
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited its presence, leveraging it as a “Living Off…
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and…
Haozi’s Plug-and-Play Phishing Attack Steals Over $280,000 From Users
Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse mascot and frictionless cybercrime toolkit. The group’s cryptocurrency wallet has processed over $280,000, with substantial recent withdrawals, while thousands of…
CISO Roles Take on Strategic Security Leadership Roles Beyond Cybersecurity as Organizations
A comprehensive analysis of over 800 Chief Information Security Officers reveals a fundamental transformation in the cybersecurity leadership landscape, with CISOs increasingly assuming strategic business responsibilities that extend far beyond traditional information security functions. The fifth annual CISO Compensation and…
Over 50,000 Azure AD Users’ Access Tokens Exposed via Unauthenticated API Endpoint
CloudSEK’s BeVigil platform has uncovered a critical security vulnerability affecting an aviation giant, where an exposed JavaScript file containing an unauthenticated API endpoint led to unauthorized access to Microsoft Graph tokens with elevated privileges. This security lapse resulted in the…
Critical Denodo Scheduler Flaw Allows Remote Code Execution by Attackers
Denodo, a provider of logical data management software, recently faced a critical security vulnerability in its Denodo Scheduler product. This vulnerability, tracked as CVE-2025-26147, allows authenticated users to perform remote code execution (RCE) on affected systems, posing significant risks to…