A critical security flaw has been discovered in the widely used YONO SBI: Banking & Lifestyle app, potentially exposing millions of users to man-in-the-middle (MITM) attacks and putting sensitive financial data at risk. The vulnerability, catalogued as CVE-2025-45080, affects version 1.23.36 of the app, which is developed by the State Bank of India (SBI) and […]
The post YONO SBI Banking App Vulnerability Exposes Users to Man-in-the-Middle Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
OX Research conducted a ground-breaking study in May and June 2025 that revealed concerning security flaws in the extension verification procedures of some of the most popular Integrated Development Environments (IDEs), such as Visual Studio Code (VSCode), Visual Studio, IntelliJ IDEA, and Cursor. These tools, essential to millions of developers worldwide, rely heavily on third-party […]
The post IDE Extensions Like VSCode Allow Attackers to Bypass Trust Checks and Deliver Malware to Developer Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A sophisticated Chinese threat group identified as Houken has been exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices to deploy advanced Linux rootkits and establish persistent access to critical infrastructure networks. The campaign, which began in September 2024, has successfully compromised organizations across governmental, telecommunications, media, finance, and transport sectors in France […]
The post Chinese Houken Hackers Exploiting Ivanti CSA Zero-Days to Deploy Linux Rootkits appeared first on Cyber Security News.
Hackers are exploiting poorly managed Linux servers, particularly those with weak SSH credentials, to install proxy tools such as TinyProxy and Sing-box. The AhnLab Security Intelligence Center (ASEC) has been closely monitoring these intrusions through honeypots mimicking vulnerable SSH services. Their findings reveal a sophisticated strategy where attackers repurpose legitimate tools for malicious intent, transforming […]
The post Hackers Target Linux SSH Servers to Deploy TinyProxy and Sing-Box Proxy Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft has announced a significant security upgrade for its Office 365 platform, introducing a new Mail Bombing Detection feature within Microsoft Defender for Office 365. This enhancement, rolling out globally from late June through early July 2025, is designed to automatically identify and block email bombing attacks—a growing threat that floods user inboxes with massive […]
The post Office 365 Introduces New Mail Bombing Detection to Shield Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft has announced it will discontinue password management features in its widely used Authenticator app, marking a significant shift in its approach to digital security. Starting July 2025, the app’s autofill capability will be disabled, and by August 2025, all saved passwords will be permanently removed from the app. A Strategic Move Toward Passwordless Security […]
The post Microsoft Ends Authenticator App’s Password Management Support From 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.