A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK version 4.3.46. This vulnerability arises from the use of a hardcoded decryption key within the application. It allows malicious actors to access sensitive data and execute…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF
Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the ChatGPT Next Web, popularly known as NextChat. This vulnerability has raised concerns within the cybersecurity community due to its potential for exploitation through Server-Side Request Forgery…
I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks
I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and UD-LT1/EX routers are being actively exploited. These vulnerabilities pose significant risks to users, necessitating urgent attention and action. Below is a detailed look at each vulnerability,…
Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification
A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially allowing attackers to bypass image signature verification. This flaw, which affects several Cisco product lines, could enable unauthorized users to load unverified software onto affected devices.…
Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data
Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte of sensitive data. Emerging in June 2024, Brain Cipher has quickly established a reputation for its aggressive cyberattacks, with a notable incident involving According to statements…
Weaponized Word Documents Attacking Windows Users to Deliver NetSupport & BurnsRAT
The threat actors distributed malicious JS scripts disguised as legitimate business documents, primarily in ZIP archives with names like “Purchase request” or “Request for quote.” They enriched their phishing emails with authentic-looking documents like passports, tax registrations, and company cards,…
Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware
Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by creating a Docker container using a legitimate “alpine” image to deploy the malware and infect the victim system with Gafgyt botnet malware. It allows attackers to…
Cloudflare Developer Domains Abused For Cyber Attacks
Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host phishing sites, as attackers leverage Cloudflare’s trusted infrastructure, global CDN, and free hosting to quickly set up and deploy convincing phishing sites. Automatic SSL/TLS encryption enhances…
New TLDs Such as .shop, .top and .xyz Leveraged by Phishers
Phishing attacks have surged nearly 40% in the year ending August 2024, with a significant portion of this increase linked to new generic top-level domains (gTLDs) like .shop, .top, and .xyz. These domains, known for their minimal registration requirements and…
PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts
Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on specific tasks. However, this approach introduces a new security risk called…