A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Kansas City Man Pleads Guilty After Hacking to Promote His Cybersecurity Services
A Kansas City man has pleaded guilty to federal charges after admitting he hacked into the computer systems of multiple organizations in an attempt to promote his cybersecurity services, according to the U.S. Department of Justice. Nicholas Michael Kloster, 32,…
Open VSX Marketplace Flaw Puts Millions of Developers at Risk of Supply Chain Attacks
A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at…
IBM WebSphere Application Server Flaw Enables Arbitrary Code Execution
A severe security flaw has been identified in IBM WebSphere Application Server, potentially allowing remote attackers to execute arbitrary code on affected systems. Tracked under CVE-2025-36038, this vulnerability stems from a deserialization of untrusted data issue, classified under CWE-502. IBM…
Iranian APT35 Hackers Targeting High-Profile Cybersecurity Experts and Professors in Israel
The Iranian threat group Educated Manticore, also tracked as APT35, APT42, Charming Kitten, or Mint Sandstorm, has intensified its cyber-espionage operations targeting Israeli cybersecurity experts, computer science professors, and journalists. Associated with the Islamic Revolutionary Guard Corps’ Intelligence Organization (IRGC-IO),…
nOAuth Exploit Enables Full Account Takeover of Entra Cross-Tenant SaaS Applications
A severe security flaw, dubbed nOAuth, has been identified in certain software-as-a-service (SaaS) applications integrated with Microsoft Entra ID, potentially allowing attackers to achieve full account takeover across tenant boundaries. Research conducted by Semperis, disclosed on June 26, 2025, revealed…
Researchers Weaponize and Obfuscate .NET Assemblies Using MacroPack
Researchers at BallisKit have introduced a sophisticated scenario within their MacroPack Pro tool to obfuscate and weaponize .NET assemblies, significantly enhancing their stealth against modern security solutions. As .NET has become a preferred language for crafting prominent offensive tools like…
Threat Actors Exploit ChatGPT, Cisco AnyConnect, Google Meet, and Teams in Attacks on SMBs
Threat actors are increasingly leveraging the trusted names of popular software and services like ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams to orchestrate sophisticated cyberattacks. According to a recent report by Kaspersky Lab, SMBs, often perceived as less fortified…
WhatsApp to Introduce AI-Powered Message Summaries for Faster Catch-Up
WhatsApp has announced the upcoming launch of “Message Summaries”—an AI-powered feature designed to help users quickly catch up on unread messages. Powered by Meta AI, this innovation aims to provide concise, private summaries of chats, making it easier than ever…
Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
Cisco has issued urgent security patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms. These flaws, which both carry the highest possible CVSS severity score of 10.0, could allow unauthenticated remote…