A critical security flaw in Zoho’s widely used identity management solution, ADSelfService Plus, has been patched after researchers discovered it could enable attackers to hijack user sessions and compromise sensitive enrollment data. Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
PoC Released for HPE Remote Support Tool Vulnerability Allowing Remote Code Execution
Security researchers have released proof-of-concept (PoC) exploit code for critical vulnerabilities in Hewlett Packard Enterprise’s (HPE) Insight Remote Support (IRS) tool, including an unauthenticated XML External Entity (XXE) injection flaw (CVE-2024-53675) and a path traversal-based remote code execution (RCE) vulnerability (CVE-2024-53676). These flaws affect…
NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks
NVIDIA has issued an urgent security bulletin urging customers using its Hopper HGX 8-GPU High-Performance Computing (HMC) systems to immediately install firmware updates addressing two critical vulnerabilities. Released on February 28, 2025, the patches target flaws that could allow attackers to execute…
Windows KDC Proxy RCE Vulnerability Allows Remote Server Takeover
A recently patched remote code execution (RCE) vulnerability in Microsoft Windows’ Key Distribution Center (KDC) Proxy implementation allows unauthenticated attackers to take control of vulnerable servers through manipulated Kerberos authentication traffic. Designated CVE-2024-43639 and rated 9.8 CVSS, this critical flaw stems from…
Chrome 134 Launches with Patches for 14 Crash-Inducing Vulnerabilities
Google has rolled out Chrome 134 to the stable channel for Windows, macOS, and Linux, addressing 14 security vulnerabilities—including high-severity flaws that could enable remote code execution or crashes. The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for…
Pathfinder AI – Hunters Announces New AI Capabilities for Smarter SOC Automation
Pathfinder AI expands Hunters’ vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and response. Hunters, the leader in next-generation SIEM, today announced Pathfinder AI, a major step toward a more AI-driven SOC. Building on Copilot AI, which is…
LLMjacking – Hackers Abuse GenAI With AWS NHIs to Hijack Cloud LLMs
In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a new attack vector dubbed “LLMjacking.” These attacks exploit non-human identities (NHIs) machine accounts and API keys to hijack access to large language models (LLMs) hosted…
Google Secretly Tracks Android Devices Even Without User-Opened Apps
A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google collects and stores extensive user data on Android devices, even when pre-installed Google apps are never opened. The findings indicate that cookies, device identifiers, and…
GrassCall Malware Targets Job Seekers to Steal Login Credentials
A newly identified cyberattack campaign, dubbed GrassCall, is targeting job seekers in the cryptocurrency and Web3 sectors through fake job interviews. Attributed to the Russian-speaking cybercriminal group “Crazy Evil,” the campaign uses fraudulent job postings on platforms like LinkedIn, WellFound,…
Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics
Security researchers have uncovered sophisticated obfuscation techniques employed by APT28, a Russian-linked advanced persistent threat (APT) group, in their HTA (HTML Application) Trojan. The analysis, part of an ongoing investigation into APT28’s cyber espionage campaigns targeting Central Asia and Kazakhstan,…