Critical HIKVISION applyCT Flaw Allows Remote Code Execution
A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as...
Read more →Category: GBHackers
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google...
Read more →
Researchers Defeat Content Security Policy Protections via HTML Injection
In a breakthrough that challenges the perceived safety of nonce-based Content Security Policy (CSP), security researchers have demonstrated a practical...
Read more →
Catwatchful Android Spyware Leaks Credentials of 62,000+ Users
A major security lapse has exposed the credentials of over 62,000 users of Catwatchful, a full-featured Android spyware app that...
Read more →
Multiple PHP Vulnerabilities Enables SQLi and DoS Attacks – Update Now
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch...
Read more →
New “123 | Stealer” Malware Rented on Dark Web for $120/Month
A new credential-stealing malware, dubbed “123 | Stealer,” has surfaced on underground cybercrime forums, with the threat actor known as #koneko offering...
Read more →
Let’s Encrypt Expands to Issue SSL/TLS Certificates for IP Addresses
Let’s Encrypt, a leading certificate authority (CA) known for providing free SSL/TLS certificates since 2015, has issued its first-ever certificate...
Read more →
Apache Tomcat and Camel Vulnerabilities Actively Targeted in Cyberattacks
The Apache Foundation disclosed several critical vulnerabilities affecting two of its widely used software platforms, Apache Tomcat and Apache Camel,...
Read more →
Azure API Vulnerabilities Expose VPN Keys and Grant Over-Privileged Access via Built-In Roles
Token Security experts recently conducted a thorough investigation that exposed serious security weaknesses in Microsoft Azure’s Role-Based Access Control (RBAC)...
Read more →
Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal
A sophisticated phishing campaign, initially spotlighted by Mexican journalist Ignacio Gómez Villaseñor, has evolved into a sprawling global threat, as...
Read more →
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks
NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding...
Read more →
Threat Actors Exploit .COM TLD to Host Widespread Credential Phishing Sites
Threat actors have dramatically increased their exploitation of the cybersecurity sector, which is a disturbing development. Spain’s country code TLD,...
Read more →