The Hacker News
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation 17 Ιανουαρίου, 2025Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker
- Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation 17 Ιανουαρίου, 2025Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These […]
- How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal? 17 Ιανουαρίου, 2025Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,
- U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs 17 Ιανουαρίου, 2025The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation […]
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass 17 Ιανουαρίου, 2025Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly […]
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
- AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV 17 Ιανουαρίου, 2025Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific versions of its native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon NICE DCV. Identified as CVE-2025-0500 and CVE-2025-0501, these vulnerabilities present significant risks, compelling AWS to recommend urgent updates to protect user data. Overview of the Vulnerabilities CVE-2025-0500 CVE-2025-0500 […]
- FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages 17 Ιανουαρίου, 2025Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing campaigns are delivered via Telegram and use unique URLs to route users to credential-capturing counterfeit login pages. These pages masquerade as popular services and steal login credentials along with multifactor authentication tokens via HTTP POST requests to adversary-controlled backend servers. […]
- New Tool Unveiled to Scan Hacking Content on Telegram 17 Ιανουαρίου, 2025A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking AI module designed to monitor and analyze content on Telegram. Known as the Apparatus Sapiens AI module, this innovative tool can search through both open and closed chats, communities, and groups on the messaging platform, identifying potentially malicious content at an […]
- PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability 17 Ιανουαρίου, 2025A serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282, which enables remote unauthenticated attackers to execute arbitrary code. As of January 8, 2025, Ivanti has acknowledged the existence of this stack-based buffer overflow vulnerability found in versions before 22.7R2.5. This vulnerability is particularly concerning due to its high attack vector stemming from […]
- Let’s Encrypt Unveils Six-Day Certificate and IP Address Options for 2025 17 Ιανουαρίου, 2025Let’s Encrypt has announced plans to introduce six-day certificate options and support for IP address certificates in 2025. This initiative is part of the organization’s ongoing commitment to fortify the Web Public Key Infrastructure (PKI), making secure connections more accessible and manageable for users. Announcing Short-Lived Certificates Beginning this year, Let’s Encrypt will offer certificates […]
