Data breach at Serviceaide, Inc., a technology vendor for Catholic Health, exposed sensitive information belonging to approximately 480,000 patients. The incident, caused by an improperly secured Elasticsearch database, left names, Social Security numbers, medical records, and login credentials publicly accessible…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Security Flaw in WordPress Plugin Puts 22,000 Websites at Risk of Cyber Attacks
Critical security vulnerability has been discovered in Motors, a popular WordPress theme with over 22,000 sales, potentially exposing thousands of websites to complete takeover. Security researchers at Wordfence identified an unauthenticated privilege escalation vulnerability that allows attackers to change passwords…
Threat Actors Deploy Bumblebee Malware via Poisoned Bing SEO Results
A newly identified cyberattack campaign has revealed the persistent and evolving threat of Bumblebee malware, a sophisticated downloader first discovered in 2022 and linked to ransomware groups like Conti. According to a recent report by Cyjax, threat actors have orchestrated…
Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and…
Critical VMware Cloud Foundation Vulnerability Exposes Sensitive Data
Broadcom’s VMware division has disclosed three significant security vulnerabilities in its Cloud Foundation platform that could allow attackers to gain unauthorized access to sensitive information and internal services. The advisory, published today (May 20, 2025), details vulnerabilities with CVSS scores…
WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice for car dealerships and listings with over 22,000 sales on ThemeForest. Researcher Foxyyy reported a critical Privilege Escalation vulnerability through the Wordfence Bug Bounty Program,…
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The…
Critical Multer Vulnerability Puts Millions of Node.js Apps at Risk
Critical security vulnerability has been discovered in Multer, one of the most widely used Node.js middleware packages for handling file uploads. The vulnerability affects all versions from 1.4.4-lts.1 up to but not including 2.0.0, potentially exposing millions of web applications…
Windows 11 Privilege Escalation Vulnerability Let Attackers Gain Admin Access in Under 300 Milliseconds
Security researchers have uncovered a critical vulnerability in Windows 11 that allowed attackers to escalate privileges from a standard user to system-level administrator in just 300 milliseconds. The flaw, tracked as CVE-2025-24076, has been patched by Microsoft but represents a…
Microsoft Issues Urgent Patch to Resolve BitLocker Recovery Problem
Microsoft has released an emergency update to address a critical issue affecting Windows 10 devices with specific Intel processors. The update (KB5061768) fixes a problem introduced in the May 13, 2025 security update that was causing unexpected system failures and…
O2 VoLTE Flaw Allows Tracking of Customers’ Locations Through Phone Calls
Significant privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation was recently discovered, allowing any caller to access precise location data of call recipients. The security flaw, which exposed sensitive information through IMS (IP Multimedia Subsystem) signaling messages, has…
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds a insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string a…
W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing Kit. Originally identified by Group-IB in 2022, W3LL differentiates itself in the criminal ecosystem as a phishing-as-a-service (PaaS) tool, supported by a unique marketplace known as…
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features
Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform functionality, and enhancing build system reliability. This release integrates critical Firefox security patches, resolves longstanding privacy-related bugs, and implements infrastructural improvements to streamline future development.…
Critical pfSense Firewall Flaws Enable Attackers to Inject Malicious Code
Security researchers have uncovered three critical vulnerabilities in pfSense firewall software that could allow attackers to inject malicious code, corrupt configurations, and potentially gain unauthorized access to systems. These vulnerabilities were responsibly disclosed to Netgate, the company behind pfSense, between…
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication…
Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been identified specifically targeting Microsoft 365 users. Security researchers have observed that these campaigns are leveraging an innovative tactic: the use of malformed URLs containing backslash characters,…
New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection
A newly identified piece of malware, dubbed the “Hannibal Stealer,” has emerged as a significant cybersecurity threat due to its advanced stealth mechanisms and obfuscation techniques designed to bypass modern detection systems. This modular .NET info-stealer and credential harvester demonstrates…
New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials
A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting invitations from colleagues. This deceptive tactic leverages the familiarity and trust associated with workplace communications to lure victims into a trap designed to steal their…
Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base
Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR) on fully updated Windows 11 PCs, which is a startling discovery for cybersecurity aficionados and Windows kernel developers. KASLR, a critical security mechanism, randomizes the…