Aggregator

A vulnerability was found in Tenable Network Monitor up to 6.5.0 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-24916. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenable Network Monitor up to 6.5.0 on Windows. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-24917. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in schule111 Schule up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file forgot_password.php. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-48375. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research, conducted in a controlled lab environment, highlights a sophisticated attack chain targeting BIND DNS servers using a known vulnerability, CVE-2025-40775, rated as High severity with […]

The post Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2025-4540. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King Spain’s backup system, leveraging vulnerabilities in the AhsayCBS platform. Priced at $4,000, this exploit offers malicious actors a potential gateway to compromise a critical infrastructural component of the fast-food giant’s operations in Spain. 4 The […]

The post Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged Sale of Web Admin Access to a Private Clinic in the USA

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. These flaws, when chained together, allow unauthenticated remote code execution (RCE) on internet-facing systems, posing a severe risk to enterprise security. EclecticIQ analysts have confirmed active exploitation in the wild since the disclosure date, with […]

The post Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Operation Endgame takes down DanaBot malware network; 300 servers neutralized, €21.2M in crypto seized, 16 charged, 20 international warrants.

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application for managing crypto assets via Ledger cold wallets. Since August 2024, Moonlock Lab has been tracking a malware campaign that initially focused on stealing passwords and wallet details but has now evolved to extract seed phrases, enabling attackers to drain […]

The post Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security

Этот Linux убивает Windows 11 её же оружием.

U.S. authorities seized the infrastructure of the DanaBot malware and charged 16 people in an action that is part of the larger Operation Endgame, a multinational initiative launched last year to disrupt and take apart global cybercriminals operations.

The post U.S. Authorities Seize DanaBot Malware Operation, Indict 16 appeared first on Security Boulevard.

Alleged Data for Sale of AT&T