GBhackers

Researchers Defeat Content Security Policy Protections via HTML Injection

Security researchers have demonstrated a method to bypass nonce-based Content Security Policy (CSP) protections using HTML injection, CSS-based nonce leakage, and browser cache manipulation.

Wing FTP Server Vulnerability Allows Full Server Takeover by Attackers

A critical vulnerability identified as CVE-2025-47812 affects Wing FTP Server versions v7.4.3 and earlier. Wing FTP released a security update on May 14, 2025, to address this issue. Proof-of-concept exploit code is publicly available.

Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability

A newly disclosed vulnerability in the Python-based data-exfiltration utility used by the notorious Cl0p ransomware group has exposed the cybercrime operation itself to potential attack. The vulnerability is rated 8.9 (High) on the CVSS 4.0 scale.

ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements

A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements.

Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected

A critical vulnerability (CVE-2025-6561) in Hunt Electronics’ hybrid DVRs (models HBF-09KD and HBF-16NK) allows unauthenticated remote attackers to access configuration files containing plaintext administrator credentials.

MOVEit Transfer Systems Hit by Wave of Attacks Using Over 100 Unique IPs

A significant surge in scanning and exploitation activity has been observed targeting Progress Software’s MOVEit Transfer platform. Over 682 unique IP addresses have been identified in scanning operations.

Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization

A vulnerability in Kubernetes, tracked as CVE-2025-4563, allows compromised nodes to bypass authorization checks for dynamic resource allocation. It can lead to privilege escalation in clusters where specific configurations are enabled.

NVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious Code

NVIDIA addressed two high-severity vulnerabilities, CVE-2025-23264 and CVE-2025-23265, in its open-source Megatron-LM framework. These flaws allow attackers to inject and execute malicious code via specially crafted files.

Over 2,000 Devices Compromised by Weaponized Social Security Statement Phishing Attacks

A recent phishing campaign has compromised over 2,000 devices by impersonating the U.S. Social Security Administration (SSA). The attackers used a convincing email lure to redirect victims to a fake SSA webpage hosted on Amazon Web Services (AWS).

Weaponized DMV-Themed Phishing Scam Targets U.S. Citizens to Steal Personal and Financial Data

A widespread and highly coordinated phishing campaign is targeting U.S. citizens by impersonating state Departments of Motor Vehicles (DMVs). The campaign uses smishing tactics to steal personal and financial data through fake DMV websites.
