Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Microsoft Teams users across the globe are experiencing significant disruptions in file-sharing capabilities due to an unexpected outage, impacting workplace communication and collaboration. A wave of reports began surfacing from organizations and individuals unable to share files within Microsoft Teams—the…

Read more →

A sophisticated new malware suite targeting macOS, dubbed “PasivRobber,” has been discovered by security researchers. Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide…

Read more →

The global regulatory landscape for cybersecurity is undergoing a seismic shift, with the European Union’s NIS2 Directive emerging as a critical framework for organizations operating within its jurisdiction. While ISO 27001 has long been the gold standard for information security…

Read more →

Security researchers have unveiled a new malware process injection technique dubbed “Waiting Thread Hijacking” (WTH), designed to execute malicious code within legitimate processes while bypassing many modern security defenses. Developed by Check Point Research, WTH represents an evolution of classic…

Read more →

Security awareness has become a critical component of organizational defense strategies, particularly as companies adopt zero-trust architectures. Chief Information Security Officers (CISOs) are increasingly challenged to demonstrate the effectiveness of security awareness programs through meaningful metrics that resonate with leadership.…

Read more →

Cloud computing has transformed the way organizations operate, offering unprecedented scalability, flexibility, and cost savings. However, this rapid shift to the cloud has also introduced new security challenges, with misconfigurations emerging as one of the most significant and persistent threats.…

Read more →

Cybersecurity researchers have uncovered a sophisticated JScript-to-PowerShell loader delivering XWorm RAT and Rhadamanthys Stealer through a geofenced, multi-stage execution chain. The attack leverages obfuscation, geolocation checks, and fileless techniques to evade detection. Attack Chain Breakdown Stage 1: JScript Loader Activation The campaign begins with…

Read more →

Everyday internet searches, a routine activity for billions, harbor a hidden risk: cybercriminals are increasingly manipulating search engine results to lure unsuspecting users into traps designed to steal credit card details and other sensitive information. This manipulation often involves pushing…

Read more →

As organizations accelerate their adoption of cloud technologies, the need for robust cloud security has never been more urgent. Cloud environments offer scalability, flexibility, and cost savings, but they also introduce new security challenges that traditional on-premises solutions may not…

Read more →

Paragon Software’s widely used Hard Disk Manager (HDM) product line has been found to contain five severe vulnerabilities in its kernel-level driver, BioNTdrv.sys, enabling attackers to escalate privileges to SYSTEM-level access or trigger denial-of-service (DoS) attacks. The flaws, now patched, were actively exploited…

Read more →

The Hertz Corporation has confirmed that sensitive personal information belonging to customers of its Hertz, Dollar, and Thrifty brands was compromised after hackers targeted a vendor’s file transfer platform. The breach has sparked concerns about identity theft and privacy, prompting…

Read more →

Traditional passwords have been the cornerstone of digital security for six decades, but their reign is coming to an end. As cyber threats become increasingly sophisticated and our digital footprints expand, the limitations of password-based authentication including vulnerability to phishing,…

Read more →

Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the public disclosure of a flaw in the popular SureTriggers plugin (version 1.0.78 and below) on April 10, 2025. Exploitation attempts were observed within just four hours…

Read more →

A critical 0-day vulnerability has been disclosed in CentreStack, a popular enterprise cloud storage and collaboration platform, which could allow attackers to execute arbitrary code remotely on affected web servers. The vulnerability, tracked as CVE-2025-30406, leverages a flaw in the…

Read more →

Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the public disclosure of a flaw in the popular SureTriggers plugin (version 1.0.78 and below) on April 10, 2025. Exploitation attempts were observed within just four hours…

Read more →

A newly disclosed vulnerability in Apache Roller, the popular open-source blog server, could allow attackers to bypass critical access controls and retain unauthorized access to accounts even after password changes. The flaw, tracked as CVE-2025-24859, was announced by the Apache Roller…

Read more →

A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional…

Read more →

A security flaw in Samsung’s Quick Share feature for the Galaxy S24 series has been disclosed, enabling attackers to create arbitrary files on vulnerable devices. Tracked as CVE-2024-49421, the vulnerability highlights risks in the popular file-sharing tool preinstalled on Samsung’s flagship…

Read more →

Zero Trust Solutions is a modern cybersecurity framework built on the principle of “never trust, always verify.” Unlike traditional perimeter-based security models, Zero Trust assumes that threats can originate both inside and outside an organization’s network. It enforces strict access…

Read more →

Across the globe, a new kind of threat is targeting the very institutions dedicated to shaping the future: schools, colleges, and universities. In 2024, experts warn that educational organizations have become prime targets for online threat actors, including nation-state-backed hackers…

Read more →

The landscape of Governance, Risk, and Compliance (GRC) is undergoing a profound transformation as organizations face mounting pressures from regulatory bodies, evolving cyber threats, and the growing importance of Environmental, Social, and Governance (ESG) factors. In 2025, the convergence of…

Read more →

Early-stage startups face unique cybersecurity challenges that established enterprises have already addressed through years of investment and experience. For Chief Information Security Officers (CISOs) stepping into leadership roles at young companies, the landscape presents both opportunity and complexity. With limited…

Read more →

The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on leaked documents circulating on social media have revealed that much of the information is false, inaccurate, or incomplete. Officials state these documents originated from a cyber…

Read more →

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR), enacted in 2018, remains a cornerstone of data privacy and security. A recent safety report highlighting the rapid advancement of artificial intelligence (AI) has renewed focus…

Read more →

A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as a stealthy and dangerous tool for compromising networks. According to security experts at Trend Micro, BPFDoor is a state-sponsored backdoor attributed to the advanced persistent…

Read more →

Cybersecurity researchers at Cisco Talos have uncovered a large-scale smishing campaign targeting toll road users across the United States. The campaign, which has been active since October 2024, impersonates toll road payment services, luring unsuspecting victims into revealing their personal…

Read more →

A significant security vulnerability has been identified in IBM Aspera Faspex 5, a popular file exchange solution. The flaw, designated as CVE-2025-3423, allows attackers to inject malicious JavaScript into the web interface, potentially compromising sensitive user data. Vulnerability Details The…

Read more →

VMware has announced that ESXi 8.0 Update 3e, the latest version of its industry-leading hypervisor, is now available for download at no cost. Released on April 10, 2025, this update is packed with enhancements, critical fixes, and new features, solidifying VMware’s dominance…

Read more →

In a concerning report from cybersecurity firm TeamT5, it has been revealed that a Chinese Advanced Persistent Threat (APT) group leveraged critical vulnerabilities in Ivanti Connect Secure VPN appliances to launch a global cyberattack. The breach affected nearly 20 industries…

Read more →

The U.S. Department of Justice has launched a landmark initiative to block foreign adversaries—including China, Russia, and Iran—from exploiting commercial channels to access sensitive American data. The Data Security Program (DSP), enacted under Executive Order 14117, establishes stringent controls over…

Read more →

A North Korean state-sponsored threat group known as “Slow Pisces” has been orchestrating sophisticated cyberattacks targeting developers in the cryptocurrency sector using malware-laced coding challenges. This campaign employs deceptive tactics and advanced malware techniques designed to infiltrate systems, steal critical…

Read more →

A chilling new development in the cybersecurity landscape has emerged, as a threat actor has reportedly advertised an alleged zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. This exploit purportedly enables unauthenticated remote code execution (RCE)…

Read more →

A new Remote Access Trojan (RAT) known as “GYware” is being marketed on a popular hacker forum at an affordable price of $35 per month. The malware, which is described by its creator as the “best of 2025,” reportedly boasts…

Read more →

In an era where instant messaging apps like WhatsApp, Telegram, Signal, iMessage, Viber, and WeChat dominate personal and professional communication, digital privacy and security have never been more critical. To help users keep their accounts secure and private, cybersecurity experts…

Read more →

Hackers are exploiting what’s known as “Dangling DNS” records to take over corporate subdomains, posing significant threats to organizations’ security frameworks. This attack vector has been increasingly noted by security teams, highlighting the need for constant vigilance in DNS configuration…

Read more →

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with…

Read more →

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search engine results, pushing malicious websites to the top where unsuspecting users are likely to click. In recent years, this tactic, often known as SEO poisoning…

Read more →

The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of industries across the globe. In March 2025, this group alone managed to compromise 84 organizations, while new groups like Arkana and CrazyHunter have introduced sophisticated…

Read more →

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware, signaling its resurgence with attacks targeting Windows, Linux, and ESXi environments. HelloKitty ransomware, initially appearing in October 2020 as a fork of DeathRansom, has evolved…

Read more →

The notorious Tycoon 2FA phishing kit continues its evolution with new strategies designed to slip past endpoint detection systems. This development was highlighted in a recent analysis, showcasing several sophisticated techniques aimed at thwarting detection and analysis. Obfuscation with Invisible…

Read more →

Threat actors are using open-source software (OSS) repositories to install malicious code into trusted applications, particularly targeting cryptocurrency software. The ReversingLabs (RL) research team has identified a pattern where attackers upload seemingly legitimate packages to repositories like npm, which then…

Read more →

Enterprises are facing heightened cyber threats as attackers increasingly target network infrastructure, particularly routers, following a trend noted in Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices. The Forescout report reveals a significant shift in the cybersecurity…

Read more →

Semiconductor companies, pivotal in the tech industry for their role in producing components integral to everything from consumer electronics to critical defense systems, are under siege from sophisticated cyber threats. These firms design, manufacture, and sell semiconductors, crucial elements with…

Read more →

Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious endeavors. Email bombing, known also as a “spam bomb,” involves flooding a target’s email inbox with a massive volume of emails, overwhelming the recipient and…

Read more →

INE Security Highlights How Practical, immersive training environments help defense contractors meet DoD cybersecurity requirements Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security,…

Read more →

Sensata Technologies Holding PLC, a global leader in sensor solutions and electrical protection, is currently grappling with the fallout of a ransomware attack that has disrupted its operations and compromised sensitive files. The breach, first reported on April 6, 2025,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten new Industrial Control Systems (ICS) advisories to address critical vulnerabilities and exploits that could impact key industrial systems. Released on April 10, 2025, these advisories provide crucial insights into ongoing…

Read more →

Cybersecurity experts at Sublime have uncovered a complex malware campaign revolving around TROX Stealer, an information stealer that employs urgency to deceive victims. This malware, first detected in December 2024, highlights an intricate attack chain designed to extract sensitive data…

Read more →

Microsoft has fortified its Exchange Server and SharePoint Server security by integrating advanced Antimalware Scan Interface (AMSI) capabilities. This measure, aimed at countering sophisticated attack vectors, represents a crucial step to safeguard on-premises infrastructure that serves as the backbone of…

Read more →

A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware. The vulnerability resides in TCP port 6998 and impacts end-of-life (EOL) devices…

Read more →

Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries. This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail…

Read more →

A vulnerability in AMD CPUs has been uncovered, enabling attackers with administrative privileges to bypass microcode signature verification and execute malicious code. Designated as CVE-2024-36347 (CVSS score: 6.4, Medium), the flaw impacts multiple generations of AMD EPYC™ server processors and select consumer…

Read more →

A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7…

Read more →

A recent cybersecurity revelation has demonstrated how researchers successfully bypassed Windows Defender antivirus mechanisms using advanced techniques involving XOR encryption and direct system calls. This breakthrough has sparked discussions about the effectiveness of traditional antivirus measures against increasingly sophisticated attack…

Read more →

A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security. The vulnerability, stemming from the reuse of SSH host keys, could allow attackers to impersonate Jenkins build agents and hijack sensitive network traffic. Vulnerability Details…

Read more →

Microsoft has released an urgent patch for Office 2016 to address a critical issue causing key applications like Word, Excel, and Outlook to crash unexpectedly. The new update, KB5002623, was issued on April 10, 2025, following widespread reports of performance…

Read more →

The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in…

Read more →

AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware to unsuspecting Korean users. This operation has employed cracked software and torrents as vectors for spreading…

Read more →

RansomHub, a leading Ransomware-as-a-Service (RaaS) group that emerged in early 2024, has found itself grappling with internal turmoil. The instability came to light on April 1st, 2025, when several of its client chat portals, critical for ransomware negotiations, went offline,…

Read more →

A Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches…

Read more →

The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate…

Read more →

A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not…

Read more →

AI has recently been added to the list of things that keep cybersecurity leaders awake. The increasing popularity of and easy access to large language models (LLMs), such as ChatGPT, DeepSeek, and Gemini, have enabled threat actors to scale and…

Read more →

A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing…

Read more →

SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate…

Read more →

Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt…

Read more →

A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control.  Security…

Read more →

Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…

Read more →

A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…

Read more →

A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate…

Read more →

In a major victory against cybercrime, law enforcement agencies across North America and Europe have dismantled the infrastructure behind the Smokeloader malware, a notorious pay-per-install (PPI) botnet service. This decisive action, a continuation of the groundbreaking Operation Endgame from May…

Read more →

The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware, also known as CatB99 or Baxtoy. First identified in late 2022, this strain has caught the eye of security analysts due to its sophisticated evasion techniques…

Read more →

AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000…

Read more →

Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team has meticulously analyzed this incident, which…

Read more →

A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to…

Read more →

A sophisticated new red team technique dubbed “RemoteMonologue” has emerged, enabling attackers to remotely harvest NTLM credentials without deploying malicious payloads or accessing the Local Security Authority Subsystem Service (LSASS). As traditional methods of credential theft face increasing scrutiny from…

Read more →

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for…

Read more →

Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated administrators on VM-Series firewalls to execute arbitrary commands with root privileges. The flaw, discovered internally, affects specific legacy PAN-OS versions and requires immediate patching for impacted users.…

Read more →

The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone for one of the most widely-used open-source tools in secure communications. With significant protocol changes, security advancements, and new features, this version aims to provide…

Read more →

Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this…

Read more →

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a…

Read more →

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of…

Read more →

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push…

Read more →

Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic, costing businesses millions. This type of fraud involves artificially triggering SMS verification requests by creating numerous synthetic identities or using automated bots, thereby inflating the…

Read more →

North Korean threat actors have demonstrated their adept use of social engineering techniques combined with Python scripting to infiltrate secure networks. The Democratic People’s Republic of Korea (DPRK) operatives are leveraging the accessibility and power of Python to craft initial…

Read more →

GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai…

Read more →

In a disturbing escalation of cyber threats, a new malware campaign dubbed ‘HollowQuill’ has been identified targeting academic institutions and government agencies worldwide. This sophisticated attack leverages weaponized PDF documents to infiltrate systems, using a combination of social engineering and…

Read more →

Microsoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified with Important severity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described under CWE-922: Insecure Storage of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability in Gladinet CentreStack, a cloud-based enterprise file-sharing platform. The issue, tracked as CVE-2025-30406, involves the use of a hard-coded cryptographic key that could enable attackers to…

Read more →

The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and…

Read more →

Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats.…

Read more →

Microsoft has uncovered a sophisticated ransomware campaign exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824. The vulnerability allows attackers to escalate privileges from a standard user account to SYSTEM level, enabling widespread deployment…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a critical vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver. The vulnerability, tracked as CVE-2025-29824, poses a significant security risk by allowing…

Read more →

GCHQ’s National Cyber Security Centre (NCSC), in collaboration with international and industry partners, has issued a global alert regarding two dangerous spyware applications – MOONSHINE and BADBAZAAR – aiming to help vulnerable communities protect themselves from digital surveillance. The NCSC…

Read more →

A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems using OIDCProviderAuthRequestMethod POST without an application-level gateway or load balancer. Technical Breakdown The vulnerability stems from improper…

Read more →

Microsoft has disclosed an active exploitation of a zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824. The flaw, classified as an Elevation of Privilege (EoP) vulnerability, has been assigned a CVSS score of 7.8, indicating its significant security…

Read more →

Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability that could allow remote code execution. The flaw, identified as CVE-2025-3066, targets Chrome’s Site Isolation feature, underscoring the importance of regular browser updates in protecting…

Read more →

In today’s digital era, organizations face an ever-growing threat landscape, with cyberattacks, data breaches, and system failures becoming increasingly common. Incident response has emerged as a vital component of cybersecurity strategies, ensuring businesses can effectively detect, manage, and recover from…

Read more →

Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability identified as CVE-2024-12556. The flaw, referred to as “Kibana Prototype Pollution,” could allow attackers to execute arbitrary code by exploiting a combination of unrestricted file…

Read more →