A critical vulnerability in Cato Networks’ widely used macOS VPN client has been disclosed, enabling attackers with limited access to gain full control over affected systems. Tracked as ZDI-25-252 (CVE pending), the flaw highlights mounting risks for enterprises relying on remote-access tools…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Cybercriminals Trick Tenants into Sending Rent to Fraudulent Accounts
Proofpoint, a leading cybersecurity firm, has identified and named a new financially motivated Business Email Compromise (BEC) threat actor, dubbed TA2900, actively targeting individuals in France and occasionally Canada. This actor employs sophisticated social engineering tactics, sending French-language emails centered…
Researchers Turned Azure Storage Wildcards into a Stealthy Internal SOCKS5 Backdoor
Security researchers at Quarkslab have developed a new covert channel technique that exploits Microsoft’s recommended Azure Storage firewall configurations to bypass network restrictions. Their proof-of-concept tool, named “ProxyBlob,” leverages Azure Blob Storage to create a SOCKS5 proxy, allowing attackers to…
Over 90% of Cybersecurity Leaders Worldwide Report Cloud-Targeted Cyberattacks
A groundbreaking report from Rubrik Zero Labs, titled The State of Data Security: A Distributed Crisis, reveals a staggering reality for global IT and cybersecurity leaders: 90% of surveyed professionals have experienced cyberattacks within the last year, with many facing…
Ruby on Rails Vulnerability Allows CSRF Protection Bypass
A critical vulnerability in Ruby on Rails’ Cross-Site Request Forgery (CSRF) protection mechanism has been identified, affecting all versions since the 2022/2023 “fix” and persisting in the current implementation. This flaw undermines the framework’s ability to secure applications against CSRF…
New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites
The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that masquerades as a legitimate plugin, often named ‘WP-antymalwary-bot.php.’ First detected on January 22, 2025, during a routine site cleanup, this malware exhibits advanced capabilities, enabling attackers…
Microsoft Telnet Server Flaw Lets Attackers Bypass Guest Login Restrictions
A newly disclosed vulnerability in Microsoft’s Telnet Server component is making headlines after researchers revealed that attackers could exploit the flaw to bypass established guest login restrictions. Security analysts warn that the flaw could pave the way for unauthorized access…
Firefox 138 Launches with Patches for Several High-Severity Flaws
Mozilla has officially released Firefox 138, marking a significant update focused on user security. The new version addresses multiple high-severity vulnerabilities, following the Mozilla Foundation Security Advisory 2025-28. The Firefox browser continues its tradition of proactive security practices, ensuring users…
Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse
A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude: March 2025,” published on April 24, has shed light on the escalating misuse of generative AI models by threat actors. The report meticulously documents four distinct…
AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise
A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray. These roles, often automatically created or…