Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

CISA Issues Alert on Active Exploits of Windows CLFS Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a critical vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver. The vulnerability, tracked as CVE-2025-29824, poses a significant security risk by allowing…

Read more →

NCSC Issues Alert on MOONSHINE and BADBAZAAR Mobile Malware

GCHQ’s National Cyber Security Centre (NCSC), in collaboration with international and industry partners, has issued a global alert regarding two dangerous spyware applications – MOONSHINE and BADBAZAAR – aiming to help vulnerable communities protect themselves from digital surveillance. The NCSC…

Read more →

Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data

A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems using OIDCProviderAuthRequestMethod POST without an application-level gateway or load balancer. Technical Breakdown The vulnerability stems from improper…

Read more →

Windows CLFS 0-Day Vulnerability Exploited in the Wild

Microsoft has disclosed an active exploitation of a zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824. The flaw, classified as an Elevation of Privilege (EoP) vulnerability, has been assigned a CVSS score of 7.8, indicating its significant security…

Read more →

Chrome Use-After-Free Vulnerability Enables Remote Code Attacks

Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability that could allow remote code execution. The flaw, identified as CVE-2025-3066, targets Chrome’s Site Isolation feature, underscoring the importance of regular browser updates in protecting…

Read more →

20 Best Incident Response Tools in 2025

In today’s digital era, organizations face an ever-growing threat landscape, with cyberattacks, data breaches, and system failures becoming increasingly common. Incident response has emerged as a vital component of cybersecurity strategies, ensuring businesses can effectively detect, manage, and recover from…

Read more →

Kibana Releases Security Patch to Fix Code Injection Vulnerability

Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability identified as CVE-2024-12556. The flaw, referred to as “Kibana Prototype Pollution,” could allow attackers to execute arbitrary code by exploiting a combination of unrestricted file…

Read more →

AWS Systems Manager Plugin Flaw Allows Arbitrary Code Execution

A recently discovered vulnerability in the AWS Systems Manager (SSM) Agent, a cornerstone of Amazon Web Services (AWS) used for managing EC2 instances and on-premises servers, has raised critical security concerns. This security flaw, identified as a Path Traversal vulnerability,…

Read more →