The Progress WhatsUp Gold team confirmed the existence of critical vulnerabilities in all versions of their software released before 2024.0.0. If exploited, these vulnerabilities could allow attackers to inject SQL commands, posing significant security risks to users. Although there have…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Chrome Zero-day Vulnerability Actively Exploited in the Wild
Google has announced the release of Chrome 128 to the stable channel for Windows, Mac, and Linux. This update, Chrome 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac, addresses a critical zero-day vulnerability actively exploited in the wild. The…
New Styx Stealer Attacking Users to Steal Login Passwords
A new cybersecurity threat, known as Styx Stealer, has emerged. It targets users by stealing sensitive data such as saved passwords, cookies, and autofill information from popular web browsers. This malware affects Chromium and Gecko-based browsers and extends its reach…
MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups
RipperSec, a pro-Palestinian, pro-Muslim Malaysian hacktivist group, has rapidly grown since its Telegram inception in June 2023. Leveraging a community of over 2,000 members, they conduct cyberattacks, including data breaches, defacements, and DDoS attacks, and their primary tool is MegaMedusa,…
Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards
Researchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure. Through a combination of reverse engineering, cryptanalysis, and experimental analysis,…
Digital Wallets Bypassed To Allow Purchase With Stolen Cards
Digital wallets enable users to securely store their financial information on smart devices and perform financial transactions without any hassle. These wallets offer enhanced security compared to traditional payment methods, as they encrypt payment data. Since smartphone adoption has…
2GB variant of Raspberry Pi Launched for Just $50
Raspberry Pi has announced the launch of a new 2GB variant of the Raspberry Pi 5, priced at an affordable $50. This release makes powerful computing accessible to a wider audience, fulfilling the original Raspberry Pi dream of providing an…
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks. The vulnerability was responsibly disclosed by a security…
Autodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary Code
Autodesk has disclosed a critical vulnerability in its AutoCAD software, which could allow malicious actors to execute arbitrary code. This vulnerability, CVE-2024-7305, identified in the AdDwfPdk.dll component, is triggered when a specially crafted DWF (Design Web Format) file is parsed.…
Lazarus Hacker Group Exploited Microsoft Windows Zero-day
The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys). This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in…