Aggregator

A vulnerability was found in Coppermine Photo Gallery and classified as problematic. This issue affects some unknown processing of the file db_input.php. The manipulation leads to information disclosure (Path). The identification of this vulnerability is CVE-2004-1986. An attack has to be approached locally. Furthermore, there is an exploit available.

奥斯卡影后朱丽安·摩尔（Julianne Moore）周日通过其 Instagram 透露，国防部经营的学校下架了她的第一本儿童图书《Freckleface Strawberry》，她对此表达了震惊。《Freckleface Strawberry》出版于 2007 年，带有半自传性质，讲述了一位长雀斑的 7 岁女孩从不喜欢雀斑到与雀斑和解的故事，她认识到每个人都是与众不同的。摩尔说她写这本书是为了告诉她的儿子以及其他儿童，我们都经历挣扎，但人性和社区把我们团结在一起。她是通过美国笔会（Pen America）得知这一消息的，一同被禁的还有 Kathleen Krull 有关已故大法官 Ruth Bader Ginsburg 的图画书《No Truth Without Ruth》以及 Ellis Nutt 的《Becoming Nicole》。

Бюджетный дефицит открывает ворота хакерам.

A vulnerability, which was classified as problematic, was found in Bukza Plugin up to 2.0.0 on WordPress. Affected is the function bukza of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11759. It is possible to launch the attack remotely. There is no exploit available.

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE). These attacks exploit vulnerabilities in WordPress core features and plugins, allowing hackers to gain unauthorized access, execute arbitrary code, and maintain control over compromised sites. The findings highlight the critical need for robust security measures in WordPress […]

The post Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Currently trending CVE - hypeScore: 1 - EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered, exposing enterprise networks to credential theft and lateral attacks. The flaw, discovered by Rapid7 Principal IoT Researcher Deral Heiland, enables malicious actors to intercept Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) authentication data through pass-back attacks. The vulnerabilities, […]

The post Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant introduces advanced obfuscation techniques, updated persistence mechanisms, and novel infection strategies, making it more challenging […]

The post New XCSSET Malware Targets macOS Users Through Infected Xcode Projects appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The RansomHub ransomware group has rapidly emerged as one of the most prolific cybercrime syndicates of 2024–2025. As this ransomware group done by expanding its arsenal to target Windows, VMware ESXi, Linux, and FreeBSD systems in global attacks. RansomHub ransomware group leverages advanced evasion techniques, cross-platform encryption, and vulnerabilities in enterprise infrastructure. Group-IB analysts have […]

The post RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems appeared first on Cyber Security News.

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and organizations across Germany. This operation appears to be linked to a ransomware group employing sophisticated social engineering tactics. The attackers impersonate Microsoft Outlook support personnel, aiming to trick victims into granting access to their systems, which can lead to devastating ransomware […]

The post Beware! Fake Outlook Support Calls Leading to Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

马斯克（Elon Musk）旗下的社交平台 X 封禁了加密消息应用 Signal.me 的链接。任何用户如果在 DM 私密消息、公开贴文或个人简介里提及 Signal.me 都会返回消息失败或账号更新失败的错误信息，其中一则错误信息声明“我们无法完成此请求，因为 X 或其合作伙伴已将此链接认定为潜在有害”。对于禁令生效前发布的 Signal.me 链接，会显示链接可能不安全的警告信息。暂时不清楚 X 何时开始封禁 Signal.me，它的竞争对手 Telegram 的链接不受影响。

A vulnerability was found in Mobatek MobaXterm up to 24.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component AES. The manipulation leads to generation of weak initialization vector. This vulnerability is known as CVE-2025-0714. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in RebelCode Spotlight Social Media Feeds Plugin up to 1.7.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is traded as CVE-2025-26758. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in webjema Notcaptcha Plugin up to 1.3.1 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-23840. The attack may be initiated remotely. There is no exploit available.

今天更新USAID员工名单到约3000人。

Китайское приложение теряет доверие из-за «жадности» к личным данным.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, tracked as CVE-2025-24200, being actively exploited in targeted attacks.  The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially […]

The post CISA Warns of Apple iOS Vulnerability Exploited in Wild appeared first on Cyber Security News.

A vulnerability has been found in ERA404 ImageMeta Plugin up to 1.1.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23845. The attack can be initiated remotely. There is no exploit available.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of active exploitation of a critical security flaw in Apple’s iOS and iPad operating systems. Tracked as CVE-2025-24200, the vulnerability permits attackers with physical access to bypass critical security protections on locked devices, escalating risks of unauthorized data access and potential device compromise. […]

The post CISA Warns of Active Exploitation of Apple iOS & iPadOS Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are leveraging a modified version of the SharpHide tool to create hidden registry entries, significantly complicating detection and removal efforts. This technique exploits vulnerabilities in Windows registry handling, using null-terminated strings to obscure malicious entries. The modified SharpHide has been integrated into sophisticated attack chains, enabling malware persistence while evading standard detection mechanisms. […]

The post Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.