Aggregator
SlowMist: MCP Security Checklist for AI Security
CVE-2025-3575 | T-INNOVA Deporsite 05.29.0907 establecerUsuarioSeleccion idUsuario authorization
Security Awareness Metrics That Matter to the CISO
Security awareness has become a critical component of organizational defense strategies, particularly as companies adopt zero-trust architectures. Chief Information Security Officers (CISOs) are increasingly challenged to demonstrate the effectiveness of security awareness programs through meaningful metrics that resonate with leadership. With human error contributing to approximately 95% of data breaches, quantifying the impact of security […]
The post Security Awareness Metrics That Matter to the CISO appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-3574 | T-INNOVA Deporsite 05.29.0907 obtenerFamiliaUsuario idUsuario authorization
CVE-2024-13610 | Simple Social Media Share Buttons Plugin up to 5.x on WordPress Setting cross site scripting
CVE-2024-13207 | Widget for Social Page Feeds Plugin up to 6.4.1 on WordPress cross site scripting
CVE-2025-3578 | AiDex up to 1.6 /api//message automated recognition mechanism with inadequate detection or handling of adversarial input perturbations
New ‘Waiting Thread Hijacking’ Malware Technique Evades Modern Security Measures
Security researchers have unveiled a new malware process injection technique dubbed “Waiting Thread Hijacking” (WTH), designed to execute malicious code within legitimate processes while bypassing many modern security defenses. Developed by Check Point Research, WTH represents an evolution of classic Thread Execution Hijacking, achieving stealth by avoiding notoriously suspicious API calls. Process injection techniques are […]
The post New ‘Waiting Thread Hijacking’ Malware Technique Evades Modern Security Measures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-32929 | Dmitry V. Barcode Generator for WooCommerce Plugin up to 2.0.4 on WordPress authorization
CVE-2025-1688 | Milestone Systems XProtect VMS up to 24.2 Installer missing encryption
CVE-2025-32993 | Vision Helpdesk up to 5.7.0 Forgot Password forgot-password vis_username sql injection
CVE-2025-3576 | MIT Kerberos 5 GSSAPI-protected Message weak hash
CVE-2025-3579 | AiDex up to 1.6 /api//message code injection
From ISO to NIS2 – Mapping Compliance Requirements Globally
The global regulatory landscape for cybersecurity is undergoing a seismic shift, with the European Union’s NIS2 Directive emerging as a critical framework for organizations operating within its jurisdiction. While ISO 27001 has long been the gold standard for information security management, the mandatory nature of NIS2 introduces new complexities for leaders navigating compliance across borders. […]
The post From ISO to NIS2 – Mapping Compliance Requirements Globally appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps
A sophisticated new malware suite targeting macOS, dubbed “PasivRobber,” has been discovered by security researchers. Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide range of data from infected systems and popular applications. The malware exhibits a deep understanding […]
The post PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader
Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. This loader initiates a complex chain involving obfuscated PowerShell scripts, ultimately executing potent malware like the XWorm Remote Access Trojan (RAT) or the Rhadamanthys information stealer. The attack often begins via […]
The post Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
“A PIN code on your forehead is safer”: Perplexity AI turns out to be a real godsend for a spy
ChatGPT Image Generator Abused for Fake Passport Production
OpenAI’s ChatGPT image generator has been exploited to create convincing fake passports in mere minutes, highlighting a significant vulnerability in current identity verification systems. This revelation comes from the 2025 Cato CTRL Threat Report, which underscores the democratization of cybercrime through the advent of generative AI (GenAI) tools like ChatGPT. Historically, the creation of fake […]
The post ChatGPT Image Generator Abused for Fake Passport Production appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.