Apache DolphinScheduler Vulnerability Patched — Update Immediately
A low-severity security issue in Apache DolphinScheduler has been addressed in the latest release. Identified as CVE-2024-43166 and classified under...
Read more →Category: GBHackers
Over 1,100 Ollama AI Servers Found Online, 20% at Risk
More than 1,100 instances of Ollama—a popular framework for running large language models (LLMs) locally—were discovered directly accessible on the...
Read more →
CISA Alerts on TP-Link Authentication Flaw Under Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious security hole in certain TP-Link...
Read more →
Namespace Reuse Vulnerability Exposes AI Platforms to Remote Code Execution
A newly discovered vulnerability in the AI supply chain—termed Model Namespace Reuse—permits attackers to achieve Remote Code Execution (RCE) across...
Read more →
PagerDuty Confirms Data Breach After Salesforce Account Compromise
PagerDuty has confirmed that it experienced a data breach following a compromise of its Salesforce account. The company was first...
Read more →
Dire Wolf Ransomware Targets Windows, Wipes Logs and Backups
The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to...
Read more →
Google Avoids Chrome Breakup but Must Share Search Data With Competitors
The U.S. District Court for the District of Columbia today imposed landmark remedies in the Justice Department’s monopolization case against...
Read more →
Empire Red Teaming Tool Updated With Enhanced Agents and API Support
The BC-SECURITY team has released a major update to its flagship offensive security framework, Empire, introducing enhanced agent capabilities and comprehensive...
Read more →
CISA Alerts on Critical SunPower Vulnerability Allowing Full Device Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a high-severity alert (ICSA-25-245-03) regarding a critical vulnerability in SunPower’s PVS6...
Read more →
Google Cloud & Cloudflare Missed 3-Year Phishing Campaign
An industrial-scale phishing campaign exploiting Google Cloud and Cloudflare infrastructure operated in plain sight for more than three years, targeting...
Read more →
BruteForceAI Tool Automates Login Page Detection and Attacks
A cutting-edge penetration testing tool called BruteForceAI has arrived, bringing automation and artificial intelligence to the art of login page detection and...
Read more →
IIS WebDeploy RCE Vulnerability Gets Public PoC
A newly disclosed remote code execution (RCE) vulnerability in Microsoft’s IIS Web Deploy toolchain has captured industry attention after the...
Read more →