Safepay
Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits GitHub’s OAuth2 device authorization flow to compromise developer accounts and steal authentication tokens. This emerging threat represents a significant evolution in social engineering tactics, leveraging legitimate GitHub functionality to bypass traditional security measures and gain unauthorized access to source code repositories, CI/CD pipelines, and […]
The post New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens appeared first on Cyber Security News.
A significant security vulnerability in the HashiCorp Nomad workload orchestrator allows attackers to escalate privileges by exploiting the Access Control List (ACL) policy lookup mechanism. The vulnerability, tracked as CVE-2025-4922, affects both Community and Enterprise editions of Nomad across multiple versions and poses a serious risk to organizations relying on the platform’s security controls. The […]
The post HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit appeared first on Cyber Security News.
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address […]
The post Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A critical vulnerability allows attackers to bypass AI-powered content moderation systems using minimal text modifications. The “TokenBreak” attack demonstrates how adding a single character to specific words can fool protective models while preserving the malicious intent for target systems, exposing a fundamental weakness in current AI security implementations. Simple Character Manipulation HiddenLayer reports that […]
The post New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change appeared first on Cyber Security News.
A proof-of-concept exploit has been published for CVE-2025-21420, a newly discovered elevation of privilege vulnerability affecting the Windows Disk Cleanup Tool (cleanmgr.exe). The vulnerability allows attackers to escalate privileges to SYSTEM level by exploiting improper link resolution mechanisms within the SilentCleanup scheduled task, which runs with elevated privileges on Windows systems. Windows Disk Cleanup Vulnerability The vulnerability […]
The post PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability appeared first on Cyber Security News.
Discover the capabilities of Microsoft 365 Data Loss Prevention (DLP) and understand its limitations. Learn how to prevent unauthorized data access and sharing.
The post Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage appeared first on Security Boulevard.
A critical spoofing vulnerability in Microsoft Defender for Identity (MDI) allows unauthenticated attackers to escalate privileges and gain unauthorized access to Active Directory environments. The vulnerability, designated as CVE-2025-26685, exploits the Lateral Movement Paths (LMPs) feature in the MDI sensor, enabling attackers to capture authentication credentials and potentially compromise entire organizational networks. Microsoft Defender Spoofing […]
The post Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access appeared first on Cyber Security News.