Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution
Microsoft has disclosed a critical security vulnerability in its Internet Information Services (IIS) Web Deploy tool that could allow attackers to execute arbitrary code remotely…
Category: GBHackers
EncryptHub Turns Brave Support Into a Dropper; MMC Flaw Completes the Run
Trustwave SpiderLabs researchers have uncovered a sophisticated EncryptHub campaign that ingeniously abuses the Brave Support platform to deliver malicious payloads, leveraging the recently disclosed CVE-2025-26633…
Splunk Publishes Defender’s Guide to Spot ESXi Ransomware Early
Splunk has released a comprehensive defender’s guide aimed at helping cybersecurity teams detect and prevent ransomware attacks targeting ESXi infrastructure before they can cause widespread…
Attackers Need Just One Vulnerability to Own Your Rooted Android
Android privilege escalation has been transformed by rooting frameworks such as KernelSU, APatch, and SKRoot, which use advanced kernel patching techniques to enable unauthorized code…
Proxyware Campaign Piggybacks on Popular YouTube Video Download Services
The AhnLab Security Intelligence Center (ASEC) has uncovered fresh instances of proxyware distribution by threat actors leveraging deceptive advertising on freeware sites. Building on prior…
Critical WordPress Plugin Vulnerability Puts 70,000+ Sites at Risk of Remote Code Execution
A severe security vulnerability has been discovered in a popular WordPress plugin used by over 70,000 websites worldwide, potentially exposing them to complete takeover by…
Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public
Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to execute arbitrary code on vulnerable systems. The proof-of-concept exploits…
CISA Alerts on N-able N-Central Deserialization and Injection Flaw Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding two critical vulnerabilities in N-able N-Central that are currently being actively exploited, prompting…
Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year
Security researchers at Binarly have discovered that the sophisticated supply chain hack still exists in publicly accessible Docker images on Docker Hub, more than a…
Emerging AI-Driven Phishing Trends Reshape Cybercrime Tactics
Artificial intelligence (AI) in advances and adaptive social engineering techniques have led to a significant revolution in phishing and scams within the continually changing realm…
Google’s Android pKVM Framework Achieves SESIP Level 5 Certification
Google has revealed that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework (AVF), has achieved SESIP Level 5 certification, marking a major…
Adobe’s August 2025 Patch Tuesday Fixes 60 Vulnerabilities Across Multiple Products
Adobe has rolled out its August 2025 Patch Tuesday updates, addressing a total of 60 vulnerabilities across a wide array of products, including key creative…