Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip
Path traversal flaws like Zip Slip, which give hackers the ability to alter file systems while decompressing, remain a serious danger in the ever-changing world…
Category: GBHackers
Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack Campaign
Cybersecurity researchers at Huntress identified a novel ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations lacking robust access controls. This emerging threat,…
New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server
A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and…
Underground Ransomware Gang Unleashes Innovative Tactics Targeting Global Organizations
The Underground ransomware gang has been coordinating recurring attacks on enterprises throughout the globe in a worrying increase in cyber risks. They have demonstrated sophisticated…
Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS
Nagios has addressed a significant cross-site scripting (XSS) vulnerability in its enterprise monitoring platform Nagios XI that could allow remote attackers to execute arbitrary JavaScript…
NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation
NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software. The flaw,…
Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May…
New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a…
Spotify Launches Direct Messaging Feature Amid Security Concerns
Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and…
CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer…
Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims
A large-scale cybercrime conspiracy known as ShadowCaptcha was made public by cybersecurity researchers at Israel’s National Digital Agency. This campaign exploits the ClickFix technique, deploying…
IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection
A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or…