Aggregator

A vulnerability was found in imagisol File Uploads Addon for WooCommerce Plugin up to 1.7.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-content/uploads. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-13622. The attack may be launched remotely. There is no exploit available.

'He Is an Idiot,' Dissatisfied Hacker Writes of Boss
Two hundred thousand internal chat messages from the Russian ransomware group Black Basta have been leaked online, supposedly in reprisal for the operation targeting Russian banks. The partial logs, spanning 13 months, detail negotiations with victims, ransoms paid, internal disagreements and more.

US Technology Giant Reportedly Received UK Government Demand for Global Backdoor
Amidst the ever-rising tide of cyberattacks and data breaches, Apple is deactivating a key data security feature for all U.K. users, rather than accede to a reported demand from the British government that the technology giant give it on-demand backdoor access to any user's data in the world.

OSINT GPT: An open-source intelligence (OSINT) analysis tool leveraging GPT-powered embeddings and vector search engines for efficient data processing

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow vulnerability CVE-2025-0282 in Ivanti Connect Secure, as confirmed by JPCERT/CC. This vulnerability, disclosed in January 2025, had already been actively exploited since late December 2024, prior to its public announcement. The malware, an evolved variant of the SPAWN family, integrates […]

The post SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers to extract private keys used for signing SAML authentication requests. The flaw, tracked as CVE-2022-35202, stems from the use of a Java keystore accessible via WebDAV and protected by an auto-generated, low-complexity password. This vulnerability could potentially enable attackers to […]

The post Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack on Northwestern Polytechnical University, a prominent Chinese institution specializing in aerospace and defense research. The allegations, published by organizations such as Qihoo 360 and the National Computer Virus Emergency Response Center (CVERC), claim that the NSA’s Tailored Access Operations (TAO) […]

The post NSA Allegedly Hacked Northwestern Polytechnical University, China Claims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens, has seen a significant increase in its distribution since the beginning of 2025. Initially distributed in limited volumes in mid-2024, this malware has now gained traction, with February’s activity levels matching those of January, signaling a sharp upward trend. Security researchers […]

The post ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Stateside Has Been Claimed a Victim to INC RANSOM Ransomware

Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.

Борьба за сокращение госаппарата зашла слишком далеко?

RipperSec Targeted the Website of ClearOn

Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. [...]

Новое подразделение получит беспрецедентные полномочия в цифровом пространстве.

Chinese cybersecurity authorities have alleged that the U.S. National Security Agency (NSA) breached Northwestern Polytechnical University (NPU), a leading institution in aerospace and defense research, in a multi-year cyber espionage campaign. According to joint reports published on February 18, 2025, by China’s National Computer Virus Emergency Response Center (CVERC) and cybersecurity firm Qihoo 360, the […]

The post China Claim That NSA Allegedly Hacked Northwestern Polytechnical University appeared first on Cyber Security News.

A Threat Actor Claims to be Selling VPN Access to an Unidentified Electronics Company in the USA

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its

Новый закон позволяет атаковать хакеров ещё до того, как они нанесут удар.

An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order