Aggregator

HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability, rated 8.1 CVSS, enables attackers to bypass namespace restrictions via strategic job naming conventions. Technical Analysis Nomad’s Access Control List (ACL) system uses prefix-based matching […]

The post HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning that ransomware actors have leveraged these security gaps […]

The post Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat of state-aligned surveillance against civil society Technical Overview of the Attack Chain According to the […]

The post Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.