GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges

Mayura Kathir — Fri, 14 Nov 2025 14:12:22 +0000

A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems. This vulnerability CVE-2025-20341 caused by insufficient validation of user-supplied input, underscores the urgent need for patching among organizations that use the affected platform. The vulnerability resides […]

The post Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers

Mayura Kathir — Fri, 14 Nov 2025 13:36:02 +0000

Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate privileges to root, and bypass authentication mechanisms. The vulnerabilities reside in the Java Remote Method Invocation (RMI) process and CCX Editor application, presenting severe risks to enterprise contact center deployments. […]

The post Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RONINGLOADER Uses Signed Drivers to Disable Microsoft Defender and Bypass EDR

Mayura Kathir — Fri, 14 Nov 2025 13:18:12 +0000

Elastic Security Labs has uncovered a sophisticated campaign deploying a newly identified loader, dubbed RONINGLOADER, that weaponizes legitimately signed kernel drivers to systematically disable Microsoft Defender and evade endpoint detection and response (EDR) tools. Attributed to the Dragon Breath APT group (APT-Q-27), this campaign demonstrates a significant evolution in attack sophistication, primarily targeting Chinese-speaking users […]

The post RONINGLOADER Uses Signed Drivers to Disable Microsoft Defender and Bypass EDR appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Exploit Rogue MCP Server to Inject Malicious Code into Cursor’s Built-In Browser

Divya — Fri, 14 Nov 2025 13:16:08 +0000

Security researchers have uncovered a critical vulnerability in Cursor, the AI-powered code editor, that allows attackers to inject malicious code through rogue Model Context Protocol (MCP) servers. Unlike VS Code, Cursor lacks integrity checks on its runtime components, making it vulnerable to tampering through MCP server registration. The attack works by registering a local MCP […]

The post Hackers Exploit Rogue MCP Server to Inject Malicious Code into Cursor’s Built-In Browser appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NVIDIA NeMo Flaw Enables Code Injection and Privilege Escalation Attacks

Divya — Fri, 14 Nov 2025 12:59:14 +0000

NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities affect all versions of the framework before 2.5.0, and users should update to 2.5.0 immediately. CVE ID Description CVSS Score Severity CVE-2025-23361 Improper control of […]

The post NVIDIA NeMo Flaw Enables Code Injection and Privilege Escalation Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials

Mayura Kathir — Fri, 14 Nov 2025 12:54:26 +0000

Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social […]

The post Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection

Mayura Kathir — Fri, 14 Nov 2025 12:31:36 +0000

Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow linear execution paths, DigitStealer introduced sophisticated multi-stage attack techniques, extensive anti-analysis checks, and novel persistence mechanisms, demonstrating the threat actors’ deep understanding of macOS architecture. The DigitStealer campaign begins […]

The post Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques

Mayura Kathir — Fri, 14 Nov 2025 12:07:35 +0000

A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to addressed that reverse engineering applies to every component in the infection chain, not just PE or […]

The post Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Analysis of Multi-Stage Phishing Kits Leveraging Telegram for Credential Theft and Evasion Techniques

Mayura Kathir — Fri, 14 Nov 2025 11:28:17 +0000

Researchers at Group-IB have uncovered a sophisticated phishing framework that demonstrates how cybercriminals are industrializing credential theft through automation, evasion techniques, and Telegram-based data exfiltration. The kit targets explicitly Aruba S.p.A., an Italian IT services provider serving over 5.4 million customers, highlighting the significant financial and operational risks posed by modern phishing-as-a-service operations. The analyzed […]

The post Analysis of Multi-Stage Phishing Kits Leveraging Telegram for Credential Theft and Evasion Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kraken Ransomware Targets Windows, Linux, and VMware ESXi in Enterprise Environments

Mayura Kathir — Fri, 14 Nov 2025 10:47:22 +0000

Cisco Talos has identified an emerging threat from Kraken, a sophisticated cross-platform ransomware group that has emerged from the remnants of the HelloKitty ransomware cartel. In August 2025, the security firm observed the Russian-speaking group conducting big-game hunting and double-extortion attacks against enterprise environments worldwide. Kraken represents a significant evolution in ransomware threats due to […]

The post Kraken Ransomware Targets Windows, Linux, and VMware ESXi in Enterprise Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.