Over 200,000 websites have been left vulnerable to Cross-Site Scripting (XSS) attacks due to a flaw in the Ultimate Member plugin for WordPress. This vulnerability, discovered by a researcher known as stealthcopter, underscores the ongoing risks in the digital ecosystem…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Hackers Deliver MSIX Malware in The Lure of Freemium Productivity App
Cybercriminals usually use free apps to take advantage of the large number of people who use them freely. The broader user base serves as a larger attack surface that ensures the effective distribution of malware. In addition, this could happen…
KrustyLoader Backdoor Attack Both Windows & Linux Systems
Recent developments within the cybersecurity landscape have included the emergence of KrustyLoader, a sophisticated Rust-based backdoor that has caught the attention of multiple industry experts. This malware, which boasts Windows and Linux variants, has been implicated in a series of…
BianLian Hackers Hijacked TeamCity Servers To Install GO Backdoor
BianLian attackers exploited a TeamCity vulnerability (CVE-2024-27198 or CVE-2023-42793) to gain initial access and move laterally within the network. They deployed a PowerShell backdoor disguised as legitimate tools that use two-layer obfuscation with encryption and string substitution to communicate with…
Hackers Compromised TeamCity Server To Install BianLian’s GO Backdoor
BianLian attackers exploited a TeamCity vulnerability (CVE-2024-27198 or CVE-2023-42793) to gain initial access and move laterally within the network. They deployed a PowerShell backdoor disguised as legitimate tools that use two-layer obfuscation with encryption and string substitution to communicate with…
WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack
A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS attacks. A recent Balada Injector campaign discovered in January exploited a cross-site scripting (XSS) vulnerability tracked…
CyberGate RAT Mimic as Dorks Tool to Attack Cybersecurity Professionals
Threat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals. The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several…
CyberGate RAT Mimic as Dorks to Attack Cybersecurity Professionals
Threat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals. The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several…
Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes
QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands. These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of…
PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability
A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer. This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems. Understanding the…