Aggregator
Submit #549982: sourcecodester Online Eyewear Shop Website v1.0 XSS [Accepted]
Submit #549932: sourcecodester Online Eyewear Shop Website v1.0 SQL Injection [Accepted]
CVE-2025-0839 | ZoomIt ZoomSounds Plugin up to 6.91 on WordPress Shortcode cross site scripting
23andMe Bankruptcy: Should DNA Data Go to the Top Bidder?
The financial collapse of personal genomics giant 23andMe raises an urgent question: What happens to your most intimate data when the company holding it goes bankrupt? Jonathan Armstrong, partner at Punter Southall Law, warns of cascading legal, ethical and security consequences.
CVE-2025-1233 | AlThemist Lafka Plugin up to 7.1.0 on WordPress Option Update lafka_options_upload authorization
CVE-2024-13776 | ZoomSounds Plugin up to 6.91 on WordPress Setting dzsap_delete_notice seen authorization
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to, a prominent developer community, and lured victims with promises of lucrative job offers. Instead of attaching malware directly to emails, they provided a BitBucket link […]
The post Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
AI has learned to learn, and now it no longer needs a human. It started with Minecraft
Minnesota Tribe Struggles After Ransomware Attack
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have […]
The post EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CMMC Level 2 Documentation: What Auditors Want to See
If you’re part of the defense industrial base and you’re seeking CMMC certification, there’s a very good chance you’re aiming for Level 2. Level 1 is mostly meant for businesses with a focus on federal contract information but not CUI, while Level 3 is meant for businesses handling the most sensitive kinds of CUI; since […]
The post CMMC Level 2 Documentation: What Auditors Want to See appeared first on Security Boulevard.
How Digital Signatures Work
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams. The threat actors behind this campaign are leveraging compromised credentials to export email lists and send bulk phishing emails, aiming to compromise cryptocurrency wallets through a novel seed phrase poisoning technique. Phishing Tactics […]
The post PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part of a sophisticated campaign leveraging a platform called Lucid. Cybercriminals behind this scheme are exploiting legitimate communication technologies like Apple iMessage and Android RCS to […]
The post Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Interlock
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers
The State Bar of Texas has confirmed a data breach following the detection of unauthorized activity on its network earlier this year. According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which an unauthorized actor gained access to sensitive information stored on the organization’s systems. The intrusion […]
The post State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Apache security advisory (AV25-185)
Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft has identified these campaigns as employing advanced redirection techniques such as URL shorteners and QR codes embedded in malicious attachments to evade detection. By abusing legitimate services […]
The post Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.