Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as “Operation SyncHole,” has compromised at least six South Korean…
Category: GBHackers
Small Businesses Identified as Key Targets in Ransomware Attacks
Verizon Business’s 2025 Data Breach Investigations Report (DBIR), released on April 24, 2025, paints a stark picture of the cybersecurity landscape, drawing from an analysis…
ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools
In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure enterprise fell victim to a meticulously orchestrated attack involving multiple threat…
NVIDIA NeMo Vulnerability Enables Remote Exploits
NVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo Framework, a platform widely used for developing AI-powered applications. The flaws,…
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server. The flaw, tracked…
Commvault RCE Vulnerability Exploited—PoC Released
Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in…
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
Security researcher Alessandro Sgreccia (aka “rainpwn”) has revealed a set of critical vulnerabilities in Zyxel’s USG FLEX-H firewall series that enable remote code execution (RCE)…
Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities
A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure…
Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely…
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust system memory by exploiting improperly limited output buffers.…
Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware…
GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs
Why Application Security is Non-Negotiable The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak…