Aggregator
CVE-2024-12526 | Arena.IM Plugin up to 0.3.0 on WordPress Setting cross-site request forgery
CVE-2024-12463 | Arena.IM Plugin up to 0.3.0 on WordPress Shortcode arena_embed_amp cross site scripting
CVE-2024-11384 | Arena.IM Plugin up to 0.3.0 on WordPress cross site scripting
CVE-2024-11723 | kvCORE IDX Plugin up to 2.3.35 on WordPress cross site scripting
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation techniques, making it challenging to analyze and detect. Recently, cybersecurity researchers uncovered a new campaign where sectopRAT disguises itself as a legitimate Google Chrome extension named “Google Docs,” further amplifying […]
The post Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
6 considerations for 2025 cybersecurity investment decisions
Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity budget growth between 2021 and 2022, this growth has slowed in the last few years, meaning that cybersecurity leaders need to carefully consider how their purchases improve their current security and compliance posture. To … More →
The post 6 considerations for 2025 cybersecurity investment decisions appeared first on Help Net Security.
Threat Actors Trojanize Popular Games to Evade Security and Infect Systems
A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games. Exploiting the holiday season’s heightened torrent activity, the attackers distributed compromised game installers via torrent trackers. The campaign, which lasted for a month, primarily delivered the XMRig cryptominer to unsuspecting users in Russia, Brazil, Germany, Belarus, and Kazakhstan. Popular […]
The post Threat Actors Trojanize Popular Games to Evade Security and Infect Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
OpenSSH Flaws Expose Systems to Critical Attacks
New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats
A recent study by researchers from the National University of Singapore and NCS Cyber Special Ops R&D explores how the MITRE ATT&CK framework can be enhanced to address the rapidly evolving landscape of cyber threats. The research synthesizes findings from 417 peer-reviewed publications to evaluate the framework’s applications across various cybersecurity domains, including threat intelligence, […]
The post New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Compliance Isn’t Security: Why a Checklist Won’t Stop Cyberattacks
Mozilla security advisory (AV25-095)
New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation
A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT, raising concerns over their susceptibility to adversarial attacks. Researchers have highlighted how these models can be manipulated through techniques like prompt injection, which exploit their text-generation capabilities to produce harmful outputs or compromise sensitive information. Prompt Injection: A Growing Cybersecurity Challenge […]
The post New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anonymous KSA Targeted the Website of Fattah Cyber Team
Проект MorPhiC: биологи взялись за 20 тысяч неизученных генов человека
BlackLock ransomware onslaught: What to expect and how to fight it
BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their aggressive recruiting of traffers (individuals that steer victims to harmful content/software), initial access brokers (IABs), and affiliates. What is BlackLock? BlackLock (aka El Dorado or Eldorado) cropped up in early 2024. It uses custom-built ransomware that can … More →
The post BlackLock ransomware onslaught: What to expect and how to fight it appeared first on Help Net Security.
A Threat Actor is Selling Thunderbird Mailer Cluster Edition
Leveraging AI to Stay Ahead in Cybersecurity: A Conversation with Chandra Pandey and Joshua Skeens, CEO of Logically
At Seceon’s 2025 Q1 Innovation and Certification Days, Seceon CEO Chandra Pandey and Joshua Skeens, CEO of Seceon’s partner Logically (www.logically.com) engaged in an insightful discussion about AI’s transformative role in cybersecurity. As cyber threats become increasingly AI-driven, organizations must evolve their security strategies to stay ahead of attackers. The Growing AI Threat Landscape Skeens
The post Leveraging AI to Stay Ahead in Cybersecurity: A Conversation with Chandra Pandey and Joshua Skeens, CEO of Logically appeared first on Seceon Inc.
The post Leveraging AI to Stay Ahead in Cybersecurity: A Conversation with Chandra Pandey and Joshua Skeens, CEO of Logically appeared first on Security Boulevard.
Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
A sophisticated malware campaign leveraging the Lumma InfoStealer has been identified, targeting educational institutions to distribute malicious files disguised as PDF documents. This campaign employs compromised school infrastructure to deliver weaponized LNK (shortcut) files masquerading as legitimate PDFs, initiating a multi-stage infection process. The Lumma InfoStealer, a Malware-as-a-Service (MaaS) offering, is designed to exfiltrate sensitive […]
The post Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Cybercriminals Embedded Credit Card Stealer Script Within <img> Tag
Cybersecurity researchers have uncovered a new MageCart malware campaign targeting e-commerce websites running on the Magento platform. This attack exploits <img> HTML tags to conceal malicious JavaScript skimmers, enabling cybercriminals to steal sensitive payment information while evading detection by security tools. MageCart, a term used to describe credit card skimming malware, has evolved with increasingly […]
The post Cybercriminals Embedded Credit Card Stealer Script Within <img> Tag appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.