Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie…

Read more →

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious e-commerce websites, leveraging multiple SEO malware families to achieve their goal. Three distinct threat actor groups were identified, each employing a unique malware family, with…

Read more →

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers in Europe and the USA during the Black Friday shopping season.  The campaign leveraged the legitimate payment processor Stripe to steal victims’ Cardholder Data (CHD)…

Read more →

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022 by employing sophisticated social engineering techniques to infiltrate target networks, often leveraging advanced malware to compromise systems undetected.  Once inside, Black Basta extorts victims with…

Read more →

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or full system compromise. Given Laravel’s…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly actively exploited by malicious cyber…

Read more →

A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks,…

Read more →

Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and a resident of China, Cambodia, and the United Arab Emirates, pleaded guilty today to one count of conspiracy to commit money laundering for his role in…

Read more →

Google has once again raised the bar for mobile security by introducing two new AI-powered real-time protection features for Android users. With a strong commitment to user privacy and safety, these innovative tools aim to shield users from scams, fraud,…

Read more →

Google Cloud has announced a significant step forward in its commitment to transparency and security by stating it will begin issuing Common Vulnerabilities and Exposures (CVEs) for critical vulnerabilities found in its cloud services. This move, which underscores Google’s dedication…

Read more →

GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE), fixing issues that could lead to unauthorized access to Kubernetes clusters and other potential exploits. The latest patch versions, 17.5.2,…

Read more →

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems across various versions. This critical vulnerability, uncovered by the ClearSky Cyber Security team in June 2024, has been linked to attacks aimed specifically at Ukrainian…

Read more →

If you’re looking to make some extra cash or to start a business, you should consider online reselling. Online reselling is growing rapidly at 11% each year- according to ThredUp.  When partaking in online reselling it is important to have…

Read more →

Keeping track of who has access and managing their permissions has gotten a lot more complicated because there are so many users, devices, and systems involved. Using automation for managing who can access what helps companies stay secure, work more…

Read more →

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple products, including FortiAnalyzer, FortiClient, FortiManager, and FortiOS. These vulnerabilities could allow attackers to perform unauthorized operations, escalate privileges, or hijack user sessions. Below are detailed descriptions…

Read more →

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community websites to deliver Cobalt Strike malware, according to a recent investigation by Recorded Future’s Insikt Group. According to a report from Recorded Future, the investigation revealed…

Read more →

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical security updates for its products Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC). These updates address multiple vulnerabilities, including medium, high, and critical…

Read more →

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac, and Linux. The new version, Chrome 131.0.6778.69 for Linux and 131.0.6778.69/.70 for Windows and Mac is set to roll out to users over the coming days…

Read more →

In a critical security disclosure, it has been revealed that thousands of end-of-life (EOL) D-Link DSL-6740C routers are vulnerable to password change attacks. The vulnerability tracked as CVE-2024-11068 has been rated as critical by the TWCERT/CC, with an alarming CVSS score…

Read more →

Navigating the world of cryptocurrencies can feel like unlocking a new frontier. I remember my first foray into crypto wallet management, and the thrill of securing my digital assets was exhilarating. With the rapid growth of digital currencies, managing a…

Read more →