A severe security flaw has been identified in the TI WooCommerce Wishlist plugin, a widely used WordPress extension with over 100,000 active installations. This plugin enables WooCommerce store owners to integrate wishlist functionality into their online shops, often alongside other…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
APT36 and Sidecopy Hackers Target India’s Critical Infrastructure with Malware Attacks
Seqrite Labs, India’s largest malware analysis facility, has uncovered a sophisticated campaign dubbed Operation Sindoor, orchestrated by Pakistan-aligned threat groups APT36 and Sidecopy. Launched on May 7, 2025, this state-sponsored Advanced Persistent Threat (APT) activity, combined with coordinated hacktivist operations,…
Hackers Exploit Craft CMS Vulnerability to Inject Cryptocurrency Miner Malware
Threat actors have exploited a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32432, in the Craft Content Management System (CMS). Discovered by Orange Cyberdefense in mid-February 2025 and publicly disclosed on April 25, 2025, this flaw carries a maximum…
Velvet Chollima APTHackers Target Government Officials Using Weaponized PDFs
The DPRK-linked Velvet Chollima Advanced Persistent Threat (APT) group has launched a sophisticated cyberattack campaign targeting South Korean government officials, as well as NGOs, government agencies, and media organizations across North America, South America, Europe, and East Asia. Initiated in…
Iranian Cybergroup Toufan Targets Organizations to Steal Login Credentials
A pro-Palestinian cybergroup called Cyber Toufan, which means “cyber storm,” has become a serious threat to Israeli groups in the changing digital battlefield of the Israel-Gaza war. Over the past year, this ideologically driven group has orchestrated over 100 breaches,…
Windows 11 Notepad Introduces AI-Powered Writing with Copilot Integration
Microsoft’s venerable Notepad, a staple of Windows since the 1980s, is undergoing its most significant transformation yet. With the latest Windows 11 Insider builds, Notepad now features integrated generative AI, turning the once-basic text editor into a creative and technical…
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access, raising the risk of…
Adidas Customer Information Compromised Through Third-Party Vendor
German sportswear giant Adidas has confirmed a data breach after cybercriminals accessed customer data through a third-party customer service provider. The breach, disclosed on May 23, 2025, did not involve sensitive information such as passwords or payment details but did…
Silver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious Activities
A newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a highly…
Multiple Vulnerabilities in Hardy Barth EV Station Allow Unauthenticated Network Access
Critical security flaws have been identified in the eCharge Hardy Barth cPH2 and cPP2 charging stations, specifically affecting firmware version 2.2.0. These vulnerabilities, discovered by Stefan Viehböck of SEC Consult Vulnerability Lab, expose electric vehicle (EV) charging infrastructure to severe…
GIMP Image Editor Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Two major security vulnerabilities have been found in the widely used GIMP image editing software, potentially allowing remote attackers to execute arbitrary code on affected systems, according to security researchers. The vulnerabilities, labeled CVE-2025-2760 and CVE-2025-2761, each have a high…
Researchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details Revealed
Researchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platform, is increasingly becoming a target…
Red Hat and AMD Team Up to Boost AI Processing Power and Performance
Red Hat, Inc., the global leader in open source solutions, has announced a strategic collaboration with AMD, a pioneer in high-performance and adaptive computing, to revolutionize the way organizations build, deploy, and manage artificial intelligence (AI) workloads. This partnership aims…
New Android Malware GhostSpy Grants Attackers Full Control Over Infected Devices
A chilling new Android malware, dubbed GhostSpy, has emerged as a significant threat to mobile security, according to a detailed report by CYFIRMA. This high-risk malware employs advanced evasion, persistence, and surveillance techniques to seize complete control over infected devices.…
Siemens SiPass Flaw Allows Remote Attackers to Cause DoS Conditions
Siemens has released a security advisory (SSA-041082) concerning a critical out-of-bounds read vulnerability, tracked as CVE-2022-31812, affecting all SiPass integrated versions before V2.95.3.18. The flaw, if exploited, could allow unauthenticated remote attackers to trigger a denial of service (DoS) condition,…
Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution
A critical vulnerability, identified as CVE-2025-0072, has been discovered in the Arm Mali GPU driver, posing a significant threat to devices with newer Mali GPUs utilizing the Command Stream Frontend (CSF) architecture, including Google’s Pixel 7, 8, and 9 series.…
Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks
A groundbreaking study from Tsinghua University and Zhongguancun Laboratory has uncovered critical vulnerabilities in modern web infrastructure, revealing that HTTP/2 server push and Signed HTTP Exchange (SXG) features can be exploited to bypass the Same-Origin Policy (SOP)—a cornerstone of web…
Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories
A critical vulnerability in the widely-used GitHub MCP integration, boasting over 14,000 stars on GitHub, has been uncovered by Invariant Labs, posing a severe risk to users’ private repository data. This flaw, identified through Invariant’s automated security scanners, enables attackers…
How Google Meet Pages Are Exploited to Deliver PowerShell Malware
A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and…
Fake DigiYatra Apps Target Indian Users to Steal Financial Data
Threat actors have been exploiting the trust in India’s digital public infrastructure by setting up a deceptive phishing site, digiyatra[.]in, impersonating the DigiYatra Foundation. This fraudulent website, still live at the time of reporting, is being used to harvest personal…