The National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious software…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical Convoy Flaw Allows Remote Code Execution on Servers
A critical vulnerability (CVE-2025-52562) in Performave Convoy—a KVM server management panel widely used by hosting providers—enables unauthenticated attackers to execute arbitrary code on affected systems. Rated the maximum CVSS score of 10.0, this flaw exposes servers to complete compromise without…
DHS Warns of Pro-Iranian Hacktivists Targeting U.S. Networks
The Department of Homeland Security (DHS) has raised alarms over an increasing wave of low-level cyberattacks targeting U.S. networks, orchestrated by pro-Iranian hacktivist groups. This warning comes in the wake of heightened geopolitical tensions following the United States’ military strikes…
OPPO Clone Phone Vulnerability Leaks Sensitive Data via Weak WiFi Hotspot
A newly disclosed security vulnerability in OPPO’s widely used Clone Phone app has raised significant concerns over user privacy, as it exposes sensitive data through a weakly secured WiFi hotspot. The flaw, cataloged as CVE-2025-27387, has been rated as high…
North Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover Attacks
Cybersecurity researchers and targeted individuals have reported a highly sophisticated scam orchestrated by suspected North Korean hackers. This attack, disguised as a legitimate Zoom meeting, leverages advanced social engineering techniques to trick professionals into compromising their systems. The campaign, which…
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small…
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence platform,…
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
A critical security vulnerability, tracked as CVE-2024-45347, has been discovered in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access to their smart devices. The flaw, which received a CVSS severity score of 9.6,…
OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
As artificial intelligence (AI) becomes a cornerstone of modern industry, the Open Web Application Security Project (OWASP) has announced the release of its AI Testing Guide—a comprehensive framework designed to help organizations identify and mitigate vulnerabilities unique to AI systems.…
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this…