A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability The issue arises from improper…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Weaponized LDAP Exploit Deploys Information-Stealing Malware
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”). These malicious PoCs, often disguised as tools to demonstrate the vulnerability’s impact, are designed to trick security researchers and system…
QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows
The QSC Loader service DLL named “loader.dll” leverages two distinct methods to obtain the path to the Core module code. It either extracts the path from the system directory “drivers\msnet” or reads and deletes a 256-byte path string from the…
Hackers Targeting Users Who Lodged Complaints On Government portal To Steal Credit Card Data
Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints. Using Remote Access Software, the fraudsters can then steal credit card information and conduct…
New NonEuclid RAT Evades Antivirus and Encrypts Critical Files
A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat. The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such…
Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms. Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd). The vulnerability…
Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware
CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding to propagate malware disguised as an “employee CRM application.” This alarming attack vector begins with a fraudulent email impersonating CrowdStrike’s hiring team, coaxing recipients into…
“Siri Data Stays Private, Not Used for Ads,” Apple Says
Apple Inc. says its commitment to user privacy, emphasizing that its products, such as the digital assistant Siri, are designed to safeguard personal data from the very beginning and not used for any advertising purpose. “Apple has never used Siri…
PowerSchool Hacked – Attackers Accessed Personal Data of Students and Teachers
Walker County Schools has reported that unauthorized access to personal data belonging to students and educators was achieved through the company’s student information system vendor, PowerSchool. Superintendent Damon Raines informed the community about the breach following an email notification from…
United Nations Aviation Agency Hacked Recruitment Data Exposed
The International Civil Aviation Organization (ICAO), a United Nations agency responsible for coordinating global aviation standards, has reported a significant information security incident that has exposed the personal data of approximately 42,000 applicants. The agency is actively investigating the breach,…