Security researchers have disclosed a critical vulnerability in Kubernetes Capsule v0.10.3 and earlier versions that allows authenticated tenant users to inject arbitrary labels into system namespaces, fundamentally breaking multi-tenant isolation. The vulnerability, tracked as CVE-2025-55205 with a CVSS score of 9.9, enables attackers to bypass security boundaries and access cross-tenant resources, potentially leading to cluster-wide compromise. Vulnerability […]
The post Kubernetes Capsule Vulnerability Enables Attackers to Inject Arbitrary Labels appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram channel that claimed to represent a collective of three established cybercrime groups: Scattered Spider, ShinyHunters, and LAPSUS$. Historical exploitation of CVE-2025-31324 Earlier this year, a suspected initial access broker group abused CVE-2025-31324 – a missing … More →
The post Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) appeared first on Help Net Security.
You must login to view this content
Cybersecurity researchers have uncovered a sophisticated attack campaign where hackers exploiting a critical Apache ActiveMQ vulnerability are taking the unusual step of patching the security flaw after gaining access to victim systems. The Red Canary Threat Intelligence team observed this counterintuitive behavior across dozens of compromised cloud-based Linux servers, revealing a strategic approach to maintaining […]
The post Hackers Exploit Apache ActiveMQ Flaw to Breach Cloud Linux Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.