• Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD’s importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making it the ultimate target. For attackers, it represents the holy grail: compromise Active

  • Cybersecurity researchers have identified a growing trend in Windows-targeted attacks that exploit fundamental operating system features to force machines into surrendering valuable credentials without requiring user interaction or system vulnerabilities. Known as authentication coercion, this attack method manipulates legitimate Remote Procedure Call (RPC) protocols to trick computers into authenticating to attacker-controlled systems, potentially compromising entire […]

    The post Authentication Coercion: How Windows Machines Are Tricked into Leaking Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

  • The English-speaking cybercriminal ecosystem known as “The COM” has evolved from a niche underground culture into a sophisticated, professional service-oriented economy that orchestrates some of the world’s most disruptive cyberattacks. Over the past decade, this decentralized network has transformed from its origins in OG username trading forums into a full-spectrum criminal supply chain targeting multinational […]

    The post English-Speaking Cybercriminal Network ‘The COM’ Drives Global Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Tor Browser 15.0.1 is now available for download, bringing essential security patches and bug fixes to users across all platforms.

    The latest release includes critical security updates from Firefox 140.5.0esr, addressing multiple vulnerabilities that could impact browser security and user privacy.

    The update upgrades the Tor Browser to Firefox 140.5.0esr and includes critical security fixes from Firefox 145.

    Users on Windows, macOS, and Linux will benefit from the upgraded Firefox engine, which resolves several security concerns identified in the Mozilla security advisories.

    Tor Browser 15.0.1 Released

    The issue with the default zoom resetting to 100% has been fixed, addressing a common complaint from users who prefer their own zoom levels. The upgrade notification on the about:tor page now displays correctly.

    Linux users will notice improved text rendering: the Noto CJK fonts have been restored, replacing Jigmo because of readability concerns, and the same fix applies to the self-upgrade window.

    Android users benefit from an updated GeckoView to version 140.5.0esr and a critical fix ensuring the extension update job functions properly on mobile devices.

    Tor Browser 15.0.1 updates NoScript to version 13.4, enhancing script management and security. A new feature adds the “No AI” version of DuckDuckGo to the list of available search engines, giving privacy-conscious users another search option that respects their data.

    The development team also improved the search engine sorting mechanism, switching from alphabetical arrangement to the intended order for better usability.

    Users can download Tor Browser 15.0.1 from the official Tor Project website and distribution directory, report any bugs, or provide suggestions for future improvements through their support channels.

    This release highlights our commitment to user privacy and security in a challenging digital environment. Users are strongly advised to update immediately to ensure they have the latest security patches and improvements.

    The post Tor Browser 15.0.1 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.

  • Authentication coercion represents a sophisticated and evolving threat targeting Windows and Active Directory environments across organizations globally.

    This attack method exploits the fundamental communication mechanisms embedded within every Windows operating system, manipulating machines into automatically transmitting sensitive credentials to attacker-controlled infrastructure.

    The emergence of this threat vector reflects a significant shift in how threat actors adapt their strategies to bypass increasingly sophisticated defense mechanisms.

    The attack’s sophistication lies in its ability to leverage legitimate Windows functionality against itself. Attackers establish malicious listeners designed to appear as trusted resources within an organization’s network.

    When a compromised or targeted machine attempts to connect to what it believes is a legitimate server, it automatically sends hashed credentials to the attacker.

    This process occurs through Remote Procedure Call (RPC) functions, which serve as the backbone for inter-process communication across Windows and Active Directory infrastructure.

    The attack requires no special permissions, making it accessible to threat actors operating with minimal technical expertise once proof-of-concept tools become available.

    Recent threat intelligence indicates this attack method poses significant risks due to its widespread exploitation capabilities.

    Palo Alto Networks security analysts identified authentication coercion techniques being weaponized through rare and lesser-known RPC protocols, allowing attackers to evade traditional detection mechanisms.

    The security researchers noted this represents a concerning trend where threat actors deliberately misuse obscure RPC functions to avoid triggering conventional monitoring alerts.

    The technical mechanics of authentication coercion center on RPC message protocols and their parameter handling.

    Simplified authentication coercion attack scenario (Source - Palo Alto Networks)

    Remote Procedure Call functions are designed for both local and remote system communication, with many accepting Universal Naming Convention (UNC) paths as parameters.

    When attackers craft malicious RPC requests containing attacker-controlled UNC paths, the targeted machine’s automatic authentication behavior becomes weaponized.

    For instance, the ElfrOpenBELW function within the MS-EVEN EventLog Remoting Protocol can be exploited in this manner, though this particular interface rarely appears in normal organizational network traffic.

    Authentication coercion mechanisms

    A detailed analysis of authentication coercion mechanisms reveals multiple exploitation vectors through different protocols.

    The MS-RPRN Print System Remote Protocol, MS-EFSR Encrypting File System Remote Protocol, MS-DFSNM Distributed File System Namespace Management Protocol, and MS-FSRVP File Server Remote VSS Protocol all present exploitable opnums that threat actors leverage.

    A summary of the attack stages seen on a customer network (Source - Palo Alto Networks)

    Well-documented tools including PrinterBug, PrintNightmare, PetitPotam, DFSCoerce, and ShadowCoerce demonstrate how readily available exploit frameworks simplify execution of these attacks.

    The impact of successful authentication coercion extends far beyond simple credential theft. Organizations face complete domain compromise scenarios where attackers steal NTLM hashes of critical infrastructure including Domain Controllers and Certificate Authority servers.

    These credentials enable lateral movement, privilege escalation through DCSync attacks, and establishment of persistent access mechanisms.

    In documented incidents, threat actors have executed NTLM relay attacks leveraging stolen machine account hashes against certificate authorities, creating pathways for long-term persistence and sensitive data exfiltration.

    Organizations must implement robust detection strategies focusing on anomalous RPC traffic patterns, including unusual source-destination combinations, suspicious UNC path parameters, and calls targeting rarely-used interfaces.

    Critical preventive measures include enforcing SMB signing across domains, disabling unused RPC services on critical assets, implementing Extended Protection for Authentication, and applying Windows RPC filters through the netsh utility.

    Modern endpoint detection and response platforms provide behavioral analysis capabilities essential for identifying these subtle attack patterns before successful credential harvesting occurs.
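
    As an added illustration of the detection guidance above (not code from the article or from Palo Alto Networks), the following Python scores constructed RPC call records for the indicators the article names: UNC path parameters pointing outside an allowlist or at a raw IP, rarely-used interfaces such as MS-EVEN carrying UNC parameters, and calls that steer critical assets such as Domain Controllers toward another host. The interface names and ElfrOpenBELW come from the article; the host names, allowlist, critical-asset list and sample records are assumptions.

```python
import re
# Interfaces the article names as carrying coercion-capable opnums.
COERCION_INTERFACES = {"MS-RPRN", "MS-EFSR", "MS-DFSNM", "MS-FSRVP", "MS-EVEN"}
# Interfaces the article describes as rare in normal traffic (stricter rule).
RARE_INTERFACES = {"MS-EVEN", "MS-FSRVP"}
# Assumed allowlist of hosts that may legitimately appear in UNC parameters.
KNOWN_FILE_SERVERS = {"fs01.corp.example"}
# Assumed high-value assets whose outbound authentication matters most.
CRITICAL_ASSETS = {"dc01.corp.example", "ca01.corp.example"}
UNC_RE = re.compile(r"^\\\\([^\\\s]+)\\")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def unc_host(value):
    """Host part of a UNC path (lower-cased), or None if value is not a UNC path."""
    m = UNC_RE.match(value)
    return m.group(1).lower() if m else None

def coercion_indicators(rec):
    """Reasons a single RPC call record looks like authentication coercion."""
    reasons = []
    if rec["interface"] not in COERCION_INTERFACES:
        return reasons
    hosts = [h for h in map(unc_host, rec.get("params", [])) if h]
    for h in hosts:
        if IPV4_RE.match(h):
            reasons.append(f"UNC path to raw IP {h}")
        elif h not in KNOWN_FILE_SERVERS:
            reasons.append(f"UNC path to non-allowlisted host {h}")
    if hosts and rec["interface"] in RARE_INTERFACES:
        reasons.append(f"rare interface {rec['interface']} called with a UNC parameter")
    if hosts and rec["dst"] in CRITICAL_ASSETS:
        reasons.append(f"critical asset {rec['dst']} told to reach {hosts[0]}")
    return reasons

def detect(records):
    """(src, dst, interface, reasons) for every record that has indicators."""
    hits = []
    for r in records:
        reasons = coercion_indicators(r)
        if reasons:
            hits.append((r["src"], r["dst"], r["interface"], reasons))
    return hits

# Constructed sample telemetry (not real captures): a benign print-spooler call, then an MS-EVEN ElfrOpenBELW call steering a DC to a raw-IP UNC path.
SAMPLE = [
    {"src": "ws17.corp.example", "dst": "ps01.corp.example", "interface": "MS-RPRN",
     "params": ["\\\\fs01.corp.example\\printq"]},
    {"src": "ws17.corp.example", "dst": "dc01.corp.example", "interface": "MS-EVEN",
     "call": "ElfrOpenBELW", "params": ["\\\\10.20.30.40\\share\\backup.evt"]},
]
```

    Running `detect(SAMPLE)` flags only the second record, with three separate reasons; tuning the allowlist and critical-asset set to the environment is what keeps the first rule from firing on legitimate file-server traffic.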

    The post Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers appeared first on Cyber Security News.

  • A Server-Side Request Forgery (SSRF) vulnerability was found in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials.

    The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools.

    SSRF vulnerabilities occur when applications blindly fetch resources from user-supplied URLs, enabling attackers to coerce servers into querying unintended destinations. This can bypass firewalls, probe internal networks, or extract data from privileged services.

    As cloud adoption grows, SSRF’s dangers amplify; major providers like AWS, Azure, and Google Cloud expose metadata endpoints, such as Azure’s at http://169.254.169.254, which contain instance details and API tokens.

    The Open Web Application Security Project (OWASP) added SSRF to its Top 10 list in 2021, underscoring its prevalence in modern apps.

    The researcher, experimenting with Custom GPTs, a premium ChatGPT Plus tool for building tailored AI assistants, noticed the “Actions” section. This lets users define external APIs via OpenAPI schemas, allowing the GPT to call them for tasks like weather lookups.

    The interface includes a “Test” button to verify requests and supports authentication headers. Spotting the potential for SSRF, the researcher tested by pointing the API URL to Azure’s Instance Metadata Service (IMDS).

    Initial attempts failed because the feature enforced HTTPS URLs, while IMDS uses HTTP. Undeterred, the researcher bypassed this using a 302 redirect from an external HTTPS endpoint (via tools like ssrf.cvssadvisor.com) to the internal metadata URL. The server followed the redirect, but Azure blocked access without the “Metadata: true” header.

    Further probing revealed a workaround: the authentication settings allowed custom “API keys.” Naming one “Metadata” with value “true” injected the required header.

    Success! The GPT returned IMDS data, including an OAuth2 token for Azure’s management API (requested via /metadata/identity/oauth2/token?resource=https://management.azure.com/).

    This token granted direct access to OpenAI’s cloud environment, enabling resource enumeration or escalation.
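
    As an added example (not OpenAI’s code or Open Security’s), the following Python shows the outbound-request handling that would have stopped each step of the chain above: HTTPS only, every redirect hop resolved and checked against non-public address ranges before it is followed, and a block on user-defined key names that collide with the Metadata header. The redirector host, the resolver mapping and the transport stub are constructed stand-ins; no network request is made.

```python
import ipaddress
from urllib.parse import urlsplit
MAX_REDIRECTS = 5
# "API key" names that must never become headers; "Metadata" is the one IMDS requires.
FORBIDDEN_HEADER_NAMES = {"metadata", "host"}

def is_public(ip):
    a = ipaddress.ip_address(ip)  # rejects 169.254/16, 10/8, 127/8, etc.
    return not (a.is_private or a.is_link_local or a.is_loopback or a.is_reserved
                or a.is_multicast or a.is_unspecified)

def validate_url(url, resolver):
    """Allow only HTTPS to a host that resolves to a public address; return that IP."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    try:
        ip = str(ipaddress.ip_address(parts.hostname))  # literal IP in the URL
    except ValueError:
        ip = resolver(parts.hostname)  # pin this IP when connecting (DNS rebinding)
    if not is_public(ip):
        raise ValueError(f"{parts.hostname} resolves to non-public address {ip}")
    return ip

def validate_header_name(name):
    if name.strip().lower() in FORBIDDEN_HEADER_NAMES:
        raise ValueError(f"header name not allowed: {name!r}")

def fetch(url, headers, transport, resolver):
    """Hardened fetch: redirects are followed manually so every hop is re-validated.
    transport(url, headers) -> (status, location_or_body), with auto-redirects off."""
    for name in headers:
        validate_header_name(name)
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url, resolver)
        status, payload = transport(url, headers)
        if status not in (301, 302, 303, 307, 308):
            return status, payload
        url = payload  # Location header: checked again at the top of the loop
    raise ValueError("too many redirects")

# Constructed stand-ins for the network (nothing is really requested): an HTTPS
# redirector bouncing to the IMDS token URL from the write-up, and a DNS resolver.
def fake_transport(url, headers):
    if url.startswith("https://redirector.example/"):
        return 302, "http://169.254.169.254/metadata/identity/oauth2/token?resource=https://management.azure.com/"
    return 200, "ok"
PUBLIC_DNS = {"redirector.example": "93.184.216.34", "api.example": "93.184.216.35"}  # constructed
fake_resolver = lambda host: PUBLIC_DNS.get(host, "127.0.0.1")
```

    With these checks the redirect to `http://169.254.169.254` is rejected on its scheme before any connection, and an `https://` variant would still be rejected by the address check; the `Metadata` key name is refused before the first request.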

    The impact was severe. In cloud setups, such tokens could pivot to full compromise, as seen in past Open Security pentests where SSRF led to remote code execution across hundreds of instances.

    For ChatGPT, it risked leaking production secrets, though the researcher noted it wasn’t the most catastrophic they’d found.

    Reported promptly to OpenAI’s Bugcrowd program, the vulnerability was assigned high severity and received a swift patch. OpenAI confirmed the fix, preventing further exploitation.

    The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.

  • Microsoft has disclosed a critical SQL injection vulnerability in SQL Server that could allow authenticated attackers to escalate their privileges over a network. Tracked as CVE-2025-59499 and assigned an Important severity rating, the vulnerability stems from improper neutralization of special elements in SQL commands, exposing enterprise databases to potential unauthorized administrative access. The vulnerability, disclosed […]

    The post Microsoft SQL Server Vulnerability Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Microsoft has disclosed two critical security vulnerabilities affecting GitHub Copilot and Visual Studio Code that could allow attackers to bypass important security protections. Both flaws were reported on November 11, 2025, and carry “Important” severity ratings, posing immediate risks to developers using these widely adopted tools. CVE ID Affected Product Impact Type Max Severity CVSS […]

    The post GitHub Copilot and Visual Studio Flaws Let Attackers Bypass Security Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Google has released a new stable Chrome update that addresses a serious flaw in its V8 JavaScript engine. The update, now available as version 142.0.7444.162/.163 for Windows, 142.0.7444.162 for Mac, and 142.0.7444.162 for Linux, will roll out to users over the coming days and weeks. CVE ID Severity Affected Component Description CVE-2025-13042 High V8 JavaScript […]

    The post Chrome Security Update Fixes Improper Implementation in V8 JavaScript Engine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
