Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Critical VMware Cloud Foundation Vulnerability Exposes Sensitive Data
Broadcom’s VMware division has disclosed three significant security vulnerabilities in its Cloud Foundation platform that could allow attackers to gain unauthorized access to sensitive information and internal services. The advisory, published today (May 20, 2025), details vulnerabilities with CVSS scores…
WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice for car dealerships and listings with over 22,000 sales on ThemeForest. Researcher Foxyyy reported a critical Privilege Escalation vulnerability through the Wordfence Bug Bounty Program,…
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The…
Critical Multer Vulnerability Puts Millions of Node.js Apps at Risk
Critical security vulnerability has been discovered in Multer, one of the most widely used Node.js middleware packages for handling file uploads. The vulnerability affects all versions from 1.4.4-lts.1 up to but not including 2.0.0, potentially exposing millions of web applications…
Windows 11 Privilege Escalation Vulnerability Let Attackers Gain Admin Access in Under 300 Milliseconds
Security researchers have uncovered a critical vulnerability in Windows 11 that allowed attackers to escalate privileges from a standard user to system-level administrator in just 300 milliseconds. The flaw, tracked as CVE-2025-24076, has been patched by Microsoft but represents a…
Microsoft Issues Urgent Patch to Resolve BitLocker Recovery Problem
Microsoft has released an emergency update to address a critical issue affecting Windows 10 devices with specific Intel processors. The update (KB5061768) fixes a problem introduced in the May 13, 2025 security update that was causing unexpected system failures and…
O2 VoLTE Flaw Allows Tracking of Customers’ Locations Through Phone Calls
Significant privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation was recently discovered, allowing any caller to access precise location data of call recipients. The security flaw, which exposed sensitive information through IMS (IP Multimedia Subsystem) signaling messages, has…
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds a insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string a…
W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing Kit. Originally identified by Group-IB in 2022, W3LL differentiates itself in the criminal ecosystem as a phishing-as-a-service (PaaS) tool, supported by a unique marketplace known as…