Category: GBHackers

Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip
27
Aug
2025

Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip

Path traversal flaws like Zip Slip, which give hackers the ability to alter file systems while decompressing, remain a serious…

Share: X : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipFacebook : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipLinkedin : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipReddit : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipTelegram : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipWhatsApp : Critical Zip Slip Bug Enables Malicious File Manipulation on UnzipEmail : Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip
Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack Campaign
27
Aug
2025

Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack Campaign

Cybersecurity researchers at Huntress identified a novel ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations lacking robust…

Share: X : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignFacebook : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignLinkedin : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignReddit : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignTelegram : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignWhatsApp : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack CampaignEmail : Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack Campaign
New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server
27
Aug
2025

New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server

A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers…

Share: X : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerFacebook : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerLinkedin : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerReddit : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerTelegram : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerWhatsApp : New Cache Deception Attack Exploits Miscommunication Between Cache and Web ServerEmail : New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server
Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global Organizations
27
Aug
2025

Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global Organizations

The Underground ransomware gang has been coordinating recurring attacks on enterprises throughout the globe in a worrying increase in cyber…

Share: X : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsFacebook : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsLinkedin : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsReddit : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsTelegram : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsWhatsApp : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global OrganizationsEmail : Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global Organizations
Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS
27
Aug
2025

Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS

Nagios has addressed a significant cross-site scripting (XSS) vulnerability in its enterprise monitoring platform Nagios XI that could allow remote…

Share: X : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSFacebook : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSLinkedin : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSReddit : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSTelegram : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSWhatsApp : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSSEmail : Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS
NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation
27
Aug
2025

NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation

NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of…

Share: X : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationFacebook : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationLinkedin : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationReddit : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationTelegram : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationWhatsApp : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege EscalationEmail : NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation
Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
27
Aug
2025

Actors Attacking Government Entities With New Tactics, Techniques, and Procedures

The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct…

Share: X : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresFacebook : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresLinkedin : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresReddit : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresTelegram : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresWhatsApp : Actors Attacking Government Entities With New Tactics, Techniques, and ProceduresEmail : Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
27
Aug
2025

New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly

Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero),…

Share: X : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyFacebook : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyLinkedin : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyReddit : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyTelegram : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyWhatsApp : New Malware Exploits TASPEN Legacy Systems to Target Indonesian ElderlyEmail : New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
Spotify Launches Direct Messaging Feature Amid Security Concerns
27
Aug
2025

Spotify Launches Direct Messaging Feature Amid Security Concerns

Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the…

Share: X : Spotify Launches Direct Messaging Feature Amid Security ConcernsFacebook : Spotify Launches Direct Messaging Feature Amid Security ConcernsLinkedin : Spotify Launches Direct Messaging Feature Amid Security ConcernsReddit : Spotify Launches Direct Messaging Feature Amid Security ConcernsTelegram : Spotify Launches Direct Messaging Feature Amid Security ConcernsWhatsApp : Spotify Launches Direct Messaging Feature Amid Security ConcernsEmail : Spotify Launches Direct Messaging Feature Amid Security Concerns
CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits
27
Aug
2025

CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine…

Share: X : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsFacebook : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsLinkedin : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsReddit : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsTelegram : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsWhatsApp : CISA Issues New ICS Advisories on Critical Vulnerabilities and ExploitsEmail : CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits
Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims
27
Aug
2025

Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims

A large-scale cybercrime conspiracy known as ShadowCaptcha was made public by cybersecurity researchers at Israel’s National Digital Agency. This campaign…

Share: X : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsFacebook : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsLinkedin : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsReddit : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsTelegram : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsWhatsApp : Massive WordPress Site Compromise Used to Execute Malicious Commands on VictimsEmail : Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims
IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection
27
Aug
2025

IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection

A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to…

Share: X : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionFacebook : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionLinkedin : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionReddit : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionTelegram : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionWhatsApp : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript InjectionEmail : IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection