Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems. The flaws—tracked as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227—were disclosed through coordinated efforts led by Lukas Schauer of Bonn-Rhein-Sieg University of Applied Sciences, prompting Extreme Networks to […]
The post HiveOS Vulnerabilities Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
For the latest discoveries in cyber research for the week of 3rd March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Orange Group has confirmed a cyberattack on its Romanian branch, in which a hacker linked to the HellCat ransomware group stole 6.5GB of data over a month. The breach exposed 380,000 email […]
The post 3rd March – Threat Intelligence Report appeared first on Check Point Research.
Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and services from accessing users’ primary email addresses during sign-ups. The feature, first discovered in a Google Play Services APK teardown by Android Authority months ago, will generate unique email aliases for each app or website, shielding users’ real addresses from potential data […]
The post Google Launches Shielded Email to Keep Your Address Hidden from Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The cybersecurity landscape of 2024 witnessed an unprecedented increase in mass internet exploitation, driven by attackers’ ability to automate vulnerability exploits within hours of disclosure. GreyNoise’s 2025 Mass Internet Exploitation Report reveals a systematic industrialization of cyberattacks, with threat actors leveraging both cutting-edge and decades-old vulnerabilities to compromise systems at scale. From ransomware campaigns to […]
The post Attackers Automating Vulnerability Exploits with Few Hours of Disclosure appeared first on Cyber Security News.
The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, causing debates over geopolitical strategy and domestic cybersecurity priorities. While U.S. Cyber Command—a Unified Combatant Command overseeing military cyber operations—adheres to the directive, the Cybersecurity and Infrastructure Security Agency (CISA) insists its defensive posture remains unchanged. The […]
The post U.S. Halts Cyber Operations Targeting Russia appeared first on Cyber Security News.
Unit 42, the threat intelligence team at Palo Alto Networks, has identified a sophisticated threat actor group named JavaGhost that has evolved from website defacement to executing persistent phishing campaigns using compromised AWS environments. The group, active since at least 2022, exploits overly permissive Amazon Identity and Access Management (IAM) permissions to leverage victims’ Simple […]
The post JavaGhost Leveraging Amazon IAM Permissions To Trigger Phishing Attack appeared first on Cyber Security News.