Over 50,000 Azure AD Users’ Access Tokens Exposed via Unauthenticated API Endpoint
CloudSEK’s BeVigil platform has uncovered a critical security vulnerability affecting an aviation giant, where an exposed JavaScript file containing an...
Read more →Category: GBHackers
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as...
Read more →
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and...
Read more →
Fake Captcha Kit Tricks Users into Executing Code via Windows Run Command
Security researchers have identified a sophisticated phishing campaign leveraging a fake CAPTCHA verification system dubbed “HuluCaptcha” that covertly executes malicious...
Read more →
Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands
On May 30, 2025, CERT Polska coordinated the public disclosure of three significant security vulnerabilities affecting preinstalled Android applications on...
Read more →
IBM DataStage Bug Exposes Database Credentials in Plain Tex
A recently disclosed vulnerability in IBM InfoSphere DataStage, tracked as CVE-2025-1499, has raised concerns across the enterprise data management sector....
Read more →
Critical MediaTek Flaws Allow Hackers to Gain Elevated Access with No User Input
MediaTek has published its latest Product Security Bulletin, revealing several security vulnerabilities affecting a wide range of its chipsets used...
Read more →
Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
A high-severity security vulnerability has been identified in the Realtek Bluetooth Host Controller Interface (HCI) Adaptor, raising significant concerns for...
Read more →
Haozi’s Plug-and-Play Phishing Attack Steals Over $280,000 from Users
Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse...
Read more →
CISO Roles Take on Strategic Security Leadership Roles Beyond Cybersecurity as Organizations
A comprehensive analysis of over 800 Chief Information Security Officers reveals a fundamental transformation in the cybersecurity leadership landscape, with...
Read more →
Critical Denodo Scheduler Flaw Allows Remote Code Execution by Attackers
Denodo, a provider of logical data management software, recently faced a critical security vulnerability in its Denodo Scheduler product. This...
Read more →
Critical Roundcube Flaw Allows Remote Code Execution by Attackers
Roundcube Webmail, one of the most widely used browser-based IMAP clients, has released urgent security updates for its 1.6 and...
Read more →