-
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. “These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python’s pickle deserialization,”
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA). “The
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has issued a critical security update addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute malicious code and escalate privileges on affected systems.
The vulnerabilities, tracked as CVE-2025-23361 and CVE-2025-33178, both carry a CVSS score of 7.8 and affect all versions of the NeMo Framework before version 2.5.0 across all platforms.
NVIDIA NeMo Framework Vulnerabilities
The first vulnerability, CVE-2025-23361, exists in a framework script, where malicious input from an attacker may cause improper control over code generation.
The second flaw, CVE-2025-33178, resides in the Bert services component and enables code injection through malicious data.
Both vulnerabilities share the same attack vector and require local access with low privileges.
CVE ID Description CVSS Score CWE CVE-2025-23361 Improper control of code generation in framework script 7.8 CWE-94 CVE-2025-33178 Code injection in bert services component 7.8 CWE-94 Successful exploitation could result in code execution, privilege escalation, information disclosure, and data manipulation, posing significant risks to organizations using the framework.
The vulnerabilities were discovered and reported by security researchers from TencentAISec and NISL lab at Tsinghua University, highlighting the importance of collaborative security research.
All versions of the NVIDIA NeMo Framework before 2.5.0 are vulnerable, regardless of operating system or platform. Organizations using earlier software branch releases are also at risk and should upgrade immediately.
NVIDIA recommends that users clone or update to the NeMo Framework version 2.5.0 or later, available from the official NVIDIA GitHub repository and the PyPI package manager.
The company emphasizes that users on earlier branch releases should upgrade to the latest branch version.
Organizations should assess their specific configurations and apply the security update promptly to mitigate potential exploitation risks.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post NVIDIA NeMo Framework Vulnerabilities Allows Code Injection and Privilege Escalation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, continues to evolve its attack methods to compromise Windows systems with malicious remote access tools.
First reported in June 2024, this campaign has shifted from using fake browser update pages to deploying sophisticated ClickFix-style techniques.
The new approach tricks users into thinking they need to verify their identity through a fake CAPTCHA page, making the attack more deceptive and harder to detect.
The campaign primarily targets users who visit compromised websites displaying hidden malicious scripts. When certain conditions are met, these scripts activate and present users with a fake “verify you are human” box.
.png)
Injected SmartApeSG script in a page from the compromised site (Source – Internet Storm Center) The attackers use this clever technique to bypass user suspicion and trick them into taking actions that lead to malware installation.
Once activated, the fake CAPTCHA page initiates a chain of events designed to install NetSupport RAT on the victim’s computer.
.png)
Fake CAPTCHA page displayed by the compromised site (Source – Internet Storm Center) This remote access tool gives attackers complete control over infected machines, allowing them to steal data, monitor activity, and deploy additional malware.
Internet Storm Center security analysts identified that the attack works by injecting malicious content directly into a user’s clipboard when they click the verification box.
The injected content is a command string that uses the mshta command to retrieve and execute malicious code from attacker-controlled servers.
Multi-stage approach
This technique is particularly effective because it bypasses traditional security measures by relying on social engineering rather than software vulnerabilities.
The persistence mechanism operates through a clever Windows trick. The malicious NetSupport RAT package maintains itself on infected computers by creating a Start Menu shortcut that runs a JavaScript file stored in the AppData\Local\Temp directory.
This JavaScript file then launches the actual NetSupport RAT executable located in the C:\ProgramData\ directory. This multi-stage approach makes detection and removal more challenging for typical users.
What makes SmartApeSG particularly dangerous is the constant evolution of its infrastructure. The domains, command and control servers, and malware packages change nearly daily, making threat intelligence updates critical for security teams.
Organizations should educate users about clicking verification boxes on websites and implement network-level protections to block connections to known malicious domains associated with this campaign.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
The post SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems. This vulnerability CVE-2025-20341 caused by insufficient validation of user-supplied input, underscores the urgent need for patching among organizations that use the affected platform. The vulnerability resides […]
The post Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate privileges to root, and bypass authentication mechanisms. The vulnerabilities reside in the Java Remote Method Invocation (RMI) process and CCX Editor application, presenting severe risks to enterprise contact center deployments. […]
The post Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic Security Labs has uncovered a sophisticated campaign deploying a newly identified loader, dubbed RONINGLOADER, that weaponizes legitimately signed kernel drivers to systematically disable Microsoft Defender and evade endpoint detection and response (EDR) tools. Attributed to the Dragon Breath APT group (APT-Q-27), this campaign demonstrates a significant evolution in attack sophistication, primarily targeting Chinese-speaking users […]
The post RONINGLOADER Uses Signed Drivers to Disable Microsoft Defender and Bypass EDR appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a critical vulnerability in Cursor, the AI-powered code editor, that allows attackers to inject malicious code through rogue Model Context Protocol (MCP) servers. Unlike VS Code, Cursor lacks integrity checks on its runtime components, making it vulnerable to tampering through MCP server registration. The attack works by registering a local MCP […]
The post Hackers Exploit Rogue MCP Server to Inject Malicious Code into Cursor’s Built-In Browser appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities affect all versions of the framework before 2.5.0, and users should update to 2.5.0 immediately. CVE ID Description CVSS Score Severity CVE-2025-23361 Improper control of […]
The post NVIDIA NeMo Flaw Enables Code Injection and Privilege Escalation Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social […]
The post Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
