Aggregator

A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […]

The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.

Microsoft has disclosed a critical SQL injection vulnerability in SQL Server that could allow authenticated attackers to escalate their privileges over a network. Tracked as CVE-2025-59499 and assigned an Important severity rating, the vulnerability stems from improper neutralization of special elements in SQL commands, exposing enterprise databases to potential unauthorized administrative access. The vulnerability, disclosed […]

The post Microsoft SQL Server Vulnerability Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

Microsoft has disclosed two critical security vulnerabilities affecting GitHub Copilot and Visual Studio Code that could allow attackers to bypass important security protections. Both flaws were reported on November 11, 2025, and carry “Important” severity ratings, posing immediate risks to developers using these widely adopted tools. CVE ID Affected Product Impact Type Max Severity CVSS […]

The post GitHub Copilot and Visual Studio Flaws Let Attackers Bypass Security Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has released a new stable Chrome update that addresses a serious flaw in its V8 JavaScript engine. The update, now available as version 142.0.7444.162/.163 for Windows, 142.0.7444.162 for Mac, and 142.0.7444.162 for Linux, will roll out to users over the coming days and weeks. CVE ID Severity Affected Component Description CVE-2025-13042 High V8 JavaScript […]

The post Chrome Security Update Fixes Improper Implementation in V8 JavaScript Engine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Eric Parker, a recognized cybersecurity expert, has recently released a video on ClickFix attacks, their detection, analysis, and gathering threat intelligence. Here is our recap highlighting the key points and practical advice. ClickFix as the Signature Threat of 2025 In 2025 the internet saw a sharp surge in a deceptively simple but highly effective social-engineering […]

The post ClickFix Explosion: Cross-Platform Social Engineering Turns Users Into Malware Installers  appeared first on ANY.RUN's Cybersecurity Blog.

A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents a formidable arsenal of spying and device control features. Recognized for its […]

The post New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options appeared first on Cyber Security News.