-
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any authentication credentials. CVE ID Vulnerability Type Severity Affected Systems Authentication Required CVE-2025-54322 Unauthenticated Root RCE Critical ~70,000+ XSpeeder SXZOS […]
The post Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Air Force leaders axe major China-focused organizational efforts
The service continues to unravel its “reoptimization for Great Power Competition” strategy.
December 2, 2025 | Thomas NovellyMost of the Air Force’s biggest programs will now be overseen by a 4-star under the deputy SecDef
The centralization of the ICBM, B-21, F-47, and Air Force One programs appears at odds with the Pentagon’s professed acquisition approach, one expert said.
November 20, 2025 | Thomas NovellyCongress supports bare minimum on Navy’s F/A-XX, while fully backing Air Force’s F-47
Appropriators and other lawmakers have pushed for the Navy’s next-gen fighter, but the latest NDAA offers only enough to keep the nascent program warm.
December 9, 2025 | Thomas NovellyNearly 300 days after purge, Pentagon taps new Air Force vice chief, JAG
Air Mobility commander nominated to be vice chief; Oklahoma Air National Guard commander to be top judge advocate general.
December 16, 2025 | Thomas NovellyUSAF plan to fly C-5, C-17s even longer elicits concern
Service says it needs to hedge against delays to planned Next-Generation Airlift plane.
November 25, 2025 | Thomas NovellyAllvin’s surprise exit signals pivot for Air Force, not Hegseth pressure: sources
Former Air Combat Commander Gen. Wilsbach tops the list of potential replacements.
August 21, 2025 | Audrey DeckerThe Air Force wants to put private AI data centers on its bases, raising security, land-use fears
The service will offer upwards of 3,000 acres across five U.S. bases to qualified developers.
October 24, 2025 | Thomas NovellyHegseth fired the Air Force’s top lawyer. The JAG who took on the job is stepping away.
It’s been eight months since the service had a Senate-confirmed leader in the role.
October 23, 2025 | Thomas NovellyAFSOC exercise brings concept created for great-power conflict to the Caribbean
Last month, U.S. forces “seized” a St. Croix airport in a demonstration of the Agile Combat Employment maneuver scheme.
September 18, 2025 | Thomas NovellyReturning the Air Force to its expeditionary roots
]]>
Agility and innovation helped win WWII. They will be essential for the next conflict.
September 17, 2025 | Lt. Gen. David A. Harris¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other manufacturers. The vulnerabilities center on missing authentication mechanisms and exposed debugging functionality in Airoha’s custom […]
The post New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote access trojan with capabilities for long-term persistence and dynamic payload delivery. The discovery notes the […]
The post Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ubisoft faced a coordinated security crisis today as hackers exploited the critical MongoBleed vulnerability (CVE-2025-14847) to infiltrate Rainbow Six Siege servers, causing widespread account tampering and service disruptions. In-Game Chaos Unfolds According to CSN, Players worldwide reported extraordinary account modifications beginning early this morning. Thousands of gamers discovered their accounts credited with millions of R6 […]
The post Ubisoft Confirms Rainbow Six Siege Server Intrusion Linked to MongoBleed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. “A flaw
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a sophisticated Spanish-language phishing kit targeting Microsoft Outlook users, revealing what appears to be a coordinated credential-theft operation with potential AI-assisted code development. The toolkit, tracked under the operational codename “Mycelial Mage,” demonstrates evolving anti-analysis capabilities and a deliberate shift toward ephemeral exfiltration channels using Telegram and Discord. The investigation, which […]
The post AI-Powered Phishing Kit Targets Microsoft Users for Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers from the Whitehat School recently completed an intensive bug-hunting project focused on identifying privilege escalation (LPE) flaws in Windows systems. The findings reveal critical vulnerabilities in two major attack surfaces: kernel drivers and named pipes areas that cybersecurity teams should prioritize immediately. The Kernel Driver Challenge Kernel drivers represent a significant security risk […]
The post Hunting Windows LPE Flaws Through Kernel Drivers and Named Pipes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
