The Hacker News
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse 2 Απριλίου, 2025Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull […]
- Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers 2 Απριλίου, 2025Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers 2 Απριλίου, 2025Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis
- How SSL Misconfigurations Impact Your Attack Surface 2 Απριλίου, 2025When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and
- FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites 2 Απριλίου, 2025The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them […]
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
- Firefox 137 Launches with Patches for High-Severity Security Flaws 2 Απριλίου, 2025Mozilla has officially launched Firefox 137 with crucial security fixes aimed at addressing several high-severity vulnerabilities reported by security researchers. As part of its April 1, 2025, Mozilla Foundation Security Advisory (MFSA 2025-20), the foundation detailed three significant Common Vulnerabilities and Exposures (CVEs), which could have permitted attackers to exploit users’ machines through various means, […]
- Google Cloud Platform Vulnerability Exposes Sensitive Data to Attackers 2 Απριλίου, 2025A privilege escalation vulnerability in Google Cloud Platform (GCP), dubbed “ImageRunner,” was recently discovered and fixed. The flaw, which Tenable Research brought to light, potentially allowed attackers to exploit Google Cloud Run permissions and access sensitive data stored in private container images. Discovering the ImageRunner Vulnerability The vulnerability hinged on improper permission handling for identities […]
- Apple Fined $162 Million by France Authorities for Mobile Ad Market Domination 2 Απριλίου, 2025French antitrust regulators have imposed a hefty fine of €150 million ($162.4 million) on tech giant Apple for abusing its dominant position in mobile app advertising through its App Tracking Transparency (ATT) tool. The ruling marks the first fine by regulators globally targeting Apple’s ATT feature, which controls user tracking permissions for third-party apps on […]
- 20,000 WordPress Sites at Risk of File Upload & Deletion Exploits 2 Απριλίου, 2025A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the “WP Ultimate CSV Importer” plugin. With over 20,000 active installations, the plugin’s flaws pose a significant risk to affected websites, potentially leading to complete site takeovers by attackers. CVE Identified: File Upload and Deletion Exploits […]
- Prince Ransomware – An Automated Open-Source Ransomware Builder Freely Available on GitHub 2 Απριλίου, 2025The cybersecurity landscape has witnessed a concerning development with the emergence of “Prince Ransomware,” an open-source ransomware builder that was freely accessible on GitHub until recently. This tool, written in the Go programming language, has been exploited by cybercriminals to launch sophisticated ransomware attacks with minimal technical expertise. The recent attack on Mackay Memorial Hospital […]