CitrixBleed 2 Vulnerability PoC Published
A newly published proof-of-concept (PoC) for the critical CitrixBleed 2 vulnerability (CVE-2025-5777) has sent shockwaves through the cybersecurity community, with experts warning of imminent mass…
Category: GBHackers
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections
A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of…
New Linux EDR Evasion Tool Exploits io_uring Kernel Feature
A new tool named RingReaper is raising eyebrows among defenders and red teamers alike. By leveraging the legitimate, high-performance Linux kernel feature known as io_uring,…
ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise
Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code…
PoC Released for Linux Privilege Escalation Flaw in udisksd and libblockdev
Security researchers disclosed a critical local privilege escalation (LPE) vulnerability affecting Fedora, SUSE, and other major Linux distributions. The flaw, tracked as CVE-2025-6019, resides in the…
Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity…
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed…
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and =15.1.0 =15.1.0,
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI…
Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could…
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated…
Instagram Now Rotating TLS Certificates Daily with 1-Week Validity
Instagram has begun rotating its TLS certificates on a daily basis, with each certificate valid for just over a week. This approach, which goes far…