gbhackers

Critical Convoy Flaw Allows Remote Code Execution on Servers

A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel used by hosting providers, allows unauthenticated remote attackers to execute arbitrary PHP code on affected systems.

Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers

A sophisticated malware campaign has been uncovered targeting WordPress and WooCommerce platforms. The campaign involves over 20 malware variants focused on credit card skimming, credential theft, ad fraud, and further payload distribution.

Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices

A critical vulnerability, tracked as CVE-2024-45347, has been identified in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access. The flaw is rated 9.6 on the CVSS scale.

WinRAR Vulnerability Exploited with Malicious Archives to Execute Code

A critical vulnerability in RARLAB’s WinRAR for Windows, tracked as CVE-2025-6218 with a CVSS score of 7.8 (High), allows attackers to execute arbitrary code by tricking users into opening specially crafted archive files.

Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass

Two critical vulnerabilities—CVE-2025-2171 and CVE-2025-2172—were discovered in Aviatrix Controller. These flaws enable full system compromise through an authentication bypass followed by command injection, affecting versions 7.2.5012.

Notepad++ Vulnerability Allows Full System Takeover — PoC Released

A critical privilege escalation vulnerability, CVE-2025-49144, has been identified in Notepad++ v8.8.1. This flaw allows attackers to gain full system control through a supply-chain attack by exploiting insecure search paths in the installer.

NCSC Issues Alert on 'UMBRELLA STAND' Malware Targeting Fortinet FortiGate Firewalls

The NCSC issued an alert regarding a newly discovered malware dubbed UMBRELLA STAND, which targets internet-facing Fortinet FortiGate 100D firewalls. This malware is designed to establish persistent access to embedded network devices.

Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation

Security researchers have identified critical vulnerabilities in Amazon Elastic Kubernetes Service (EKS) that could expose AWS credentials and enable privilege escalation. These flaws arise from misconfigured containers and excessive privileges.

Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages

A critical cryptographic vulnerability in the open-source Meshtastic project exposes users to message decryption and node hijacking risks. The issue affects multiple hardware platforms, increasing the scope of potential exposure.

OpenVPN Driver Vulnerability Let Attackers Crash Windows Systems

OpenVPN 2.7_alpha2 introduces significant security and architectural enhancements. Most notably, it addresses CVE-2025-50054, a critical Windows driver vulnerability that could allow local attackers to crash systems.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags