Aggregator

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware(link is external)

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 1 week ago

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system. This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be Chinese-speaking threat actors, to target enterprise networks of local governing bodies in the United States […]

The post Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff(link is external)

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 1 week ago

The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 has exposed an intricate Chinese intelligence operation, dubbed the ‘Smiao Network,’ targeting federal workers in both the United States and Taiwan. This network, linked to the Chinese technology company Smiao Intelligence, employs deceptive online recruitment schemes to extract sensitive information from high-value professionals. Initially […]

The post Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers(link is external)

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 1 week ago

A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to exploiting the vast user base and algorithmic reach of social media platforms. Unlike previous attacks […]

The post Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-4594 | Tournamatch Plugin up to 4.6.1 on WordPress Shortcode trn-ladder-registration-button cross site scripting(link is external)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in Tournamatch Plugin up to 4.6.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function trn-ladder-registration-button of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-4594. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-45471 | measure-cold-start 1.4.1 Customer Cloud Account permission (ID 32 / EUVD-2025-16155)(link is external)

VulDB Recent Entries
3 months 1 week ago
A vulnerability was found in measure-cold-start 1.4.1 and classified as critical. This issue affects some unknown processing of the component Customer Cloud Account Handler. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2025-45471. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2025-2506 | EnterpriseDB pglogical/BDR PGD authorization(link is external)

VulDB Recent Entries
3 months 1 week ago
A vulnerability, which was classified as problematic, was found in EnterpriseDB pglogical and BDR PGD. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-2506. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad