Aggregator

A vulnerability classified as problematic was found in vcita Online Booking & Scheduling Calendar Plugin up to 4.5.1 on WordPress. This vulnerability affects the function vcita_save_user_data_callback of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9872. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in edgarrojas PDF Builder for WooCommerce Plugin up to 1.2.136 on WordPress. This issue affects some unknown processing. The manipulation of the argument page leads to cross site scripting. The identification of this vulnerability is CVE-2024-11276. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in martinnguyen1990 Next-Cart Store to WooCommerce Migration Plugin up to 3.9.2 on WordPress. Affected is an unknown function. The manipulation of the argument page leads to cross site scripting. This vulnerability is traded as CVE-2024-11687. It is possible to launch the attack remotely. There is no exploit available.

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.

A vulnerability was found in SAP Message Server. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument group leads to heap-based buffer overflow. This vulnerability was named CVE-2007-3624. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access and classified as problematic. This vulnerability affects unknown code of the component Management Web Interface. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-0111. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in imagisol File Uploads Addon for WooCommerce Plugin up to 1.7.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-content/uploads. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-13622. The attack may be launched remotely. There is no exploit available.

'He Is an Idiot,' Dissatisfied Hacker Writes of Boss
Two hundred thousand internal chat messages from the Russian ransomware group Black Basta have been leaked online, supposedly in reprisal for the operation targeting Russian banks. The partial logs, spanning 13 months, detail negotiations with victims, ransoms paid, internal disagreements and more.

US Technology Giant Reportedly Received UK Government Demand for Global Backdoor
Amidst the ever-rising tide of cyberattacks and data breaches, Apple is deactivating a key data security feature for all U.K. users, rather than accede to a reported demand from the British government that the technology giant give it on-demand backdoor access to any user's data in the world.

OSINT GPT: An open-source intelligence (OSINT) analysis tool leveraging GPT-powered embeddings and vector search engines for efficient data processing

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow vulnerability CVE-2025-0282 in Ivanti Connect Secure, as confirmed by JPCERT/CC. This vulnerability, disclosed in January 2025, had already been actively exploited since late December 2024, prior to its public announcement. The malware, an evolved variant of the SPAWN family, integrates […]

The post SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers to extract private keys used for signing SAML authentication requests. The flaw, tracked as CVE-2022-35202, stems from the use of a Java keystore accessible via WebDAV and protected by an auto-generated, low-complexity password. This vulnerability could potentially enable attackers to […]

The post Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack on Northwestern Polytechnical University, a prominent Chinese institution specializing in aerospace and defense research. The allegations, published by organizations such as Qihoo 360 and the National Computer Virus Emergency Response Center (CVERC), claim that the NSA’s Tailored Access Operations (TAO) […]

The post NSA Allegedly Hacked Northwestern Polytechnical University, China Claims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens, has seen a significant increase in its distribution since the beginning of 2025. Initially distributed in limited volumes in mid-2024, this malware has now gained traction, with February’s activity levels matching those of January, signaling a sharp upward trend. Security researchers […]

The post ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Stateside Has Been Claimed a Victim to INC RANSOM Ransomware

Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.

Борьба за сокращение госаппарата зашла слишком далеко?

RipperSec Targeted the Website of ClearOn

Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. [...]

Новое подразделение получит беспрецедентные полномочия в цифровом пространстве.