Articles: 19
Categories: 3
Date: 2025-07-12

⚠️ VULNERABILITY DISCLOSURE (9)

12 Jul - CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn
submitted by cm0002 to cybersecurity, 2 points | 0 comments
https://www.theregister.com/2025/07/11/1010_wing_ftp_bug_exploited/
Source: INFOSEC.PUB

12 Jul - Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e…
Source: THEHACKERNEWS.COM

12 Jul - Hackers are exploiting critical RCE flaw in Wing FTP Server
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...]
Source: BLEEPINGCOMPUTER.COM

12 Jul - GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, plat…
Source: THEHACKERNEWS.COM

12 Jul - [KEV] Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
submitted by cm0002 to cybersecurity, 1 points | 0 comments
https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
Source: INFOSEC.PUB

12 Jul - GPUHammer: First-Ever Rowhammer Attack Targeting NVIDIA GPUs
Researchers from the University of Toronto have unveiled the first successful Rowhammer attack on an NVIDIA GPU, specifically targeting the A6000 model equipped with GDDR6 memory. Dubbed “GPUHammer” in some circles, this exploit builds on the decade-old Rowhammer vuln…
Source: GBHACKERS.COM

12 Jul - Bitcoin Depot Breach Exposes Data of 27,000 Crypto Users
Bitcoin Depot, Inc., a prominent cryptocurrency ATM operator, has disclosed a data breach that compromised the personal information of approximately 27,000 users. The breach, which involved unauthorized access to sensitive customer records, underscores the persistent vulnerabilit…
Source: GBHACKERS.COM

12 Jul - Researchers Bypass Meta’s Llama Firewall Using Prompt Injection Vulnerabilities
Researchers at Trendyol, a leading e-commerce platform, have uncovered multiple vulnerabilities in Meta’s Llama Firewall, a suite of tools designed to safeguard large language models (LLMs) against malicious inputs. Llama Firewall incorporates components like PROMPT_GUARD f…
Source: GBHACKERS.COM

12 Jul - COMmander: Network-Based Tool for COM and RPC Exploitation
The need for solutions that improve detection skills against sophisticated attacks is growing in the ever-changing cybersecurity world. COMmander emerges as a lightweight, C#-based utility designed to bolster defensive telemetry by monitoring Remote Procedure Call (RPC) and Compo…
Source: GBHACKERS.COM

🔥 INCIDENT REPORTING (3)

12 Jul - Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025
In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, S…
Source: CYBERSECURITYTODAY.LIBSYN.COM

12 Jul - ClickFix: The Emerging Technique Threat Actors Use to Dominate Targeted Organizations
Threat actors have increasingly adopted ClickFix, a sophisticated social engineering technique that deceives users into executing malicious commands under the guise of resolving common computer issues like performance lags or pop-up errors. This method, often delivered via compro…
Source: GBHACKERS.COM

12 Jul - Hackers Compromise WordPress GravityForms Plugin with Malicious Code Injection
Hackers have targeted the popular WordPress plugin Gravity Forms, injecting malicious code into versions downloaded from the official gravityforms.com domain. The breach was first reported on July 11, 2025, when security researchers noticed suspicious HTTP requests to the domain …
Source: GBHACKERS.COM

🕵️ THREAT INTELLIGENCE (7)

12 Jul - Grok-4 Falls to a Jailbreak Two days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak.
Source: SECURITYWEEK.COM

12 Jul - Microsoft Broadens Zero Trust Training to Address Network and SecOps Domains
Zero Trust architectures are being adopted by enterprises globally to update their security postures in response to the fast changing cyberthreat landscape, where traditional perimeter-based defenses are becoming more and more insufficient. Zero Trust operates on the principle of…
Source: GBHACKERS.COM

12 Jul - Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology, relies on …
Source: GBHACKERS.COM

12 Jul - Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers
Researchers have uncovered multiple vulnerabilities in the Thermomix TM5, a multifunctional kitchen appliance from Vorwerk, allowing attackers to potentially achieve remote takeover through firmware manipulation and persistent code execution. The device’s main board, powere…
Source: GBHACKERS.COM

12 Jul - OpenAI Set to Launch AI-Powered Web Browser in the Coming Weeks
OpenAI is on the cusp of introducing a groundbreaking AI-infused web browser, slated for release in the imminent weeks, as detailed in a recent Reuters report. This innovative browser is poised to embed OpenAI’s Operator AI agent directly into its framework, enabling autono…
Source: GBHACKERS.COM

12 Jul - Fake Gaming and AI Companies Target Windows and macOS Users with Drainer Malware Attacks
The cybersecurity company Darktrace has uncovered a persistent, intricate social engineering campaign that targets bitcoin users, building on earlier findings by Cado Security Labs in December 2024. Threat actors are fabricating elaborate startup companies themed around AI, gamin…
Source: GBHACKERS.COM

12 Jul - DPC Investigates TikTok Over Transfer of EU User Data to China
The Data Protection Commission (DPC) has launched a formal inquiry into TikTok Technology Limited, scrutinizing the company’s practices regarding the transfer and storage of European Economic Area (EEA) users’ personal data to servers in China. This development stems …
Source: GBHACKERS.COM