Aggregator

In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March 2025, involves directing potential victims to malicious websites where they are prompted to complete verification […]

The post Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s […]

The post Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. This vulnerability could potentially expose system passwords, emphasizing the importance of updating macOS devices to the latest versions. Background and […]

The post Researchers Reveal macOS Vulnerability Exposing System Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Matthew Weiss, former football coach for the University of Michigan and the Baltimore Ravens, for almost 10 years accessed the social media and other online accounts of thousands of student athletes and downloaded personal information and intimate images, said prosecutors who indicted for illegal computer access and identity theft.

The post Ex-Michigan, Ravens Football Coach Charged with Hacking Athlete Accounts appeared first on Security Boulevard.

JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has been found to have critical security vulnerabilities. These flaws, recently highlighted by SonarSource’s vulnerability research team, allow attackers to bypass authentication and potentially gain full control over the JumpServer infrastructure. JumpServer acts as a centralized gateway to internal networks, offering features […]

The post JumpServer Flaws Allow Attackers to Bypass Authentication and Gain Full Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Metaproducts Offline Explorer 1.3 and classified as critical. Affected by this issue is some unknown functionality of the component Drive Letter Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2001-0038. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2017-20093. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Download Manager Plugin up to 3.2.38 on WordPress. It has been rated as problematic. This issue affects the function uniqid of the component Master Key Handler. The manipulation leads to inadequate encryption strength. The identification of this vulnerability is CVE-2022-0828. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Download Manager Plugin up to 3.2.42 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file ~/src/Package/views/shortcode-iframe.php. The manipulation of the argument frameid leads to cross site scripting. This vulnerability is known as CVE-2022-1985. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in Download Manager Plugin up to 3.2.46 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument file[files][] leads to cross site scripting. This vulnerability was named CVE-2022-2101. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Download Manager Plugin up to 3.2.44 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Restrictions Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-2362. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in W3 Eden Download Manager Plugin up to 3.2.48 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2022-34347. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in W3 Eden Download Manager Plugin up to 3.2.48 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-34658. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in W3 Eden Download Manager Plugin up to 3.2.48 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2022-36288. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Download Manager Plugin up to 3.2.50 on WordPress. It has been rated as critical. This issue affects the function deleteFiles of the file ~/Admin/Menu/Packages.php. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2022-2431. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Download Manager Plugin up to 3.2.49 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument file[package_dir] leads to deserialization. This vulnerability is handled as CVE-2022-2436. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Download Manager Plugin up to 3.2.61 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-4476. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Operation Zero正在寻找流行通讯应用Telegram的漏洞，并为此悬赏高达400万美元。

A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials. The attackers initiate the phishing attempt by sending fraudulent emails disguised as official Instagram notifications, alerting users that their advertising accounts have been temporarily suspended due to […]

The post Hackers Use Fake Meta Emails to Steal Ad Account Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.