GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the intrusion method remains under investigation, with no common entry point identified.  A malicious script creates unauthorized administrator accounts with the credentials ‘wpx_admin’ and a hardcoded password. Subsequently, it downloads and activates a malicious WordPress plugin, compromising the website and enabling the […]

The post 5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited by hackers to gain super-admin privileges on affected devices. The authentication bypass flaw, tracked as CVE-2024-55591, allows remote attackers to execute unauthorized code or commands via crafted requests to the Node.js websocket module. Fortinet confirmed the exploitation of this vulnerability in […]

The post Hackers Exploiting Fortinet Zero-day Vulnerability In Wild To Gain Super-Admin Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue in SAP NetWeaver ABAP Server and ABAP Platform. With a CVSS score of […]

The post Critical SAP NetWeaver Flaws Let Hackers Gain System Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft’s January 2025 Patch Tuesday has arrived with a significant security update, addressing a total of 159 vulnerabilities. This marks the largest number of CVEs addressed in a single month since at least 2017, more than doubling the usual amount fixed in January. Out of the 159 CVEs, 11 are classified as critical security flaws. […]

The post Microsoft January 2025 Patch Tuesday Comes with Fix for 159 Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. The […]

The post Wultra Raises €3M to Defend Quantum Cyber Threats Targets Financial Institutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has released a significant security update for its Chrome browser, addressing 16 vulnerabilities in version 132.0.6834.83/84 for Windows, Mac, and Linux platforms. This update, which will be rolled out over the coming days and weeks. While this security update includes several critical fixes and improvements to enhance the security of the web browser. The […]

The post Chrome Security Update – Patch For 16 Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges. The company urges users to update their software immediately to mitigate potential risks. The most severe vulnerability, CVE-2025-0147, is a type confusion issue affecting the Zoom Workplace […]

The post Zoom Security Update – Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Are you trying to decide between public and private cloud solutions for your business? It’s not always easy to figure out which option is the best. Both have unique benefits, and your choice can significantly impact your business. This article discusses the key differences between public and private cloud computing. Read on for the details! […]

The post What Is Public Cloud vs. Private Cloud? Pros and Cons Explained  appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical flaw in Google’s “Sign in with Google” authentication system has left millions of Americans vulnerable to potential data theft. This vulnerability mainly affects former employees of startups, especially those that have ceased operations. According to Truffle Security, the root cause stems from how Google’s OAuth login interacts with domain ownership changes. When a […]

The post Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet. The attacks, observed by Arctic Wolf between November and December 2024, exploit what is believed to be a zero-day vulnerability, allowing unauthorized access and configuration changes to critical network security infrastructure. The campaign, which affected devices running firmware versions […]

The post Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass Apple’s System Integrity Protection (SIP). Known as CVE-2024-44243, this vulnerability could be exploited to load third-party kernel extensions, resulting in severe security implications for macOS users. Apple released a patch for this vulnerability as part of its December 11, 2024, security […]

The post Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new step-by-step guide designed to help organizations select and deploy secure operational technology (OT) products. The guide, titled “Secure by Demand: Priority Considerations for OT Owners and Operators when Selecting Digital Products,” highlights key security features […]

The post CISA Released A Free Guide to Enhance OT Product Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected users from accessing certain M365 applications, raising concerns for businesses and individuals who rely on these services for essential operations. Microsoft flagged the issue via […]

The post Microsoft Warns of MFA Issue Affecting Microsoft 365 users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server.  Evidence suggests data exfiltration to cloud storage as this APT group targets various industries and aims for […]

The post RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims.  The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links.  Upon clicking, users are redirected […]

The post Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498. This vulnerability poses a significant security risk by allowing malicious applications to bypass the macOS Sandbox, a key security feature designed to isolate app activity and protect sensitive system resources. Details of CVE-2024-54498 The vulnerability, classified as high severity with […]

The post PoC Exploit Released for Critical macOS Sandbox Vulnerability (CVE-2024-54498) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches. The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information. IBM has released a security bulletin detailing the issue, alongside remediation measures to address the risk. IBM Robotic Process Automation Vulnerability The vulnerability […]

The post IBM Robotic Process Automation Vulnerability Let Attackers Obtain Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database.  On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages. Whenever the page for the checkout is loaded, the malware examines the URL for the […]

The post Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging.  Password protection and encoding techniques further complicate analysis and evade early sandbox detection. Once a system is compromised, malware can steal sensitive data from web browsers by exploiting […]

The post Hackers Exploiting YouTube to Spread Malware That Steals Browser Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the Daily Dot. Scholastic is a household name and a global leader in educational materials for […]

The post Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.