Aggregator
Over 50,000 Azure AD Users’ Access Tokens Exposed via Unauthenticated API Endpoint
CloudSEK’s BeVigil platform has uncovered a critical security vulnerability affecting an aviation giant, where an exposed JavaScript file containing an unauthenticated API endpoint led to unauthorized access to Microsoft Graph tokens with elevated privileges. This security lapse resulted in the exposure of sensitive data belonging to more than 50,000 Azure Active Directory users, highlighting significant […]
The post Over 50,000 Azure AD Users’ Access Tokens Exposed via Unauthenticated API Endpoint appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Weekly Update 454
We're two weeks in from the launch of the new HIBP, and I'm still recovering. Like literally still recovering from the cold I had last week and the consequent backlog. A major launch like this isn't just something you fire and forget; instead, it
CVE-2012-1897 | Ivano Binetti Wolf CMS up to 0.7.5 cross-site request forgery (EDB-18652 / SA48520)
Physicists Observe for the First Time the Full Fate of a Gravitational Wave, from Birth to Scattering into Eternity
Hackers Weaponized Free SSH Client Putty to Attack Windows Systems With Malware
A sophisticated malware campaign exploits legitimate SSH clients, including both the popular PuTTY application and Windows’ built-in OpenSSH implementation, to establish persistent backdoors on compromised systems. The attack demonstrates how cybercriminals are increasingly leveraging trusted administrative tools to evade detection while maintaining unauthorized access to corporate networks. Malware Exploits OpenSSH in Windows The security […]
The post Hackers Weaponized Free SSH Client Putty to Attack Windows Systems With Malware appeared first on Cyber Security News.
Musk Launches XChat, a Messenger with Encryption and Calls Without a Phone Number
Microsegmentation Technical Deep Dive into Network Security
Organizations worldwide are turning to micro-segmentation as a cornerstone technology to combat increasingly sophisticated cyberattacks. Adoption rates are skyrocketing as traditional perimeter-based security models prove inadequate against modern threats. Recent industry data reveals a stark reality: while 70% of cybersecurity professionals agree that micro-segmentation is essential for achieving Zero Trust architecture, only 5% of […]
The post Microsegmentation Technical Deep Dive into Network Security appeared first on Cyber Security News.
A Light Walkthrough of the Stalker Source Code
Now on Sale! 2025 Kanxue Merchandise T-Shirt: Security Is Up to Me, Not Fate
Critical Denodo Scheduler Flaw Allows Remote Code Execution by Attackers
Denodo, a provider of logical data management software, recently faced a critical security vulnerability in its Denodo Scheduler product. This vulnerability, tracked as CVE-2025-26147, allows authenticated users to perform remote code execution (RCE) on affected systems, posing significant risks to organizations relying on this scheduling tool for data extraction and integration jobs. Introduction to Denodo […]
The post Critical Denodo Scheduler Flaw Allows Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Vulnerabilities in Linux Dump Handlers Open Access to /etc/shadow
Backdoors in Python and NPM Packages Target Windows and Linux
CVE-2025-5437 | Multilaser Sirius RE016 MLT1.0 Password Change /cgi-bin/cstecgi.cgi improper authentication
MIT Has Built an Instant-Reaction Weapon. For Now, for Tennis. After That, We'll See
Denodo Scheduler Vulnerability Let Attackers Execute Remote Code
A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute remote code on affected systems. The flaw, identified as CVE-2025-26147, exploits a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise data management infrastructure. Path Traversal Vulnerability The vulnerability […]
The post Denodo Scheduler Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild
A critical, unauthenticated remote code execution vulnerability in vBulletin forum software is now being actively exploited. The vulnerability, which impacts vBulletin versions 5.0.0 through 6.0.3, has been assigned CVE-2025-48827 and CVE-2025-48828 and is now being actively targeted by threat actors, marking it as a Known Exploited Vulnerability (KEV). Despite patches being available for over a […]
The post Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild appeared first on Cyber Security News.