Aggregator

A critical remote code execution (RCE) vulnerability in the popular “Alone” WordPress theme is being actively exploited by attackers to gain complete control of vulnerable websites.  The vulnerability, assigned CVE-2025-5394 with a maximum CVSS score of 9.8, affects over 9,000 sites using versions 7.8.3 and below of the charity-focused theme. Key Takeaways1. Critical RCE flaw […]

The post WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control appeared first on Cyber Security News.

You must login to view this content

The maritime sector, which facilitates approximately 90% of international trade, is facing an unprecedented surge in sophisticated cyberattacks from advanced persistent threat (APT) groups, ransomware operators, and hacktivists, driven by escalating geopolitical conflicts. According to a recent Cyble intelligence report, over 100 such incidents have been documented in the past year, targeting shipping companies, ports, […]

The post APT Hackers Target Maritime and Shipping Industry for Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed an exponential evolution in the delivery mechanisms for the campaign’s main payloads: BeaverTail, InvisibleFerret, and OtterCookie. In this article, we will discuss the innovations related to the delivery techniques used by the group and demonstrate the preservation of […]

The post Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dropbox has announced the discontinuation of its Passwords service, giving users until October 28, 2025, to export their stored credentials before the feature is permanently shut down. The cloud storage company is phasing out the password management tool as part of its strategic focus on enhancing core product features, recommending users migrate to alternative password […]

The post Dropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes:

• Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations.
• COUN7ER: A database of atomic post-compromise countermeasures users can execute based on adversary tactics, techniques, and procedures.

Together, Playbook-NG and COUN7ER create a systematic, tailored eviction plan that leverages distinct countermeasures to effectively contain and evict adversarial intrusions.

The Eviction Strategies Tool directly addresses a critical gap: the need for a clear understanding of the necessary actions to properly contain and evict adversaries from networks and devices.

CISA encourages cyber defenders to use the Eviction Strategies Tool available on the CISA Eviction Strategies Tool webpage or download it directly from GitHub at https://github.com/cisagov/playbook-ng. Check out our fact sheet for more information: Eviction Strategies Tool | CISA.

Please share your thoughts through our anonymous survey. We appreciate your feedback.

A critical security vulnerability has been discovered in the popular “Alone” WordPress theme that allows unauthenticated attackers to execute arbitrary code remotely and potentially take complete control of affected websites. The vulnerability, tracked as CVE-2025-5394, affects the charity and non-profit theme which has been sold over 9,000 times on ThemeForest. Vulnerability Details and Timeline The […]

The post WordPress Theme Security Vulnerability Enables to Execute Arbitrary Code Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.