A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Shopware Security Plugin Vulnerability Enables SQL Injection Attacks
A recently disclosed SQL injection vulnerability in older versions of the Shopware platform has raised concerns among online shop operators. Although Shopware has addressed the issue in its latest release (version 6.5.8.13), it has been revealed that the fix provided…
Hackers Conceal NFC Carders Behind Apple Pay and Google Wallet
In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit mobile payment systems such as Apple Pay and Google Wallet. Once reliant on magnetic stripe card cloning, fraudsters have adapted to breakthroughs in card security technology…
Vidar Stealer Uses New Deception Technique to Hijack Browser Cookies and Stored Credentials
Vidar Stealer a notorious information-stealing malware has adopted a deceptive method to disguise itself as Microsoft’s BGInfo application. By exploiting a legitimate tool widely used by IT professionals to display system details, attackers have demonstrated advanced techniques to evade detection…
Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws
A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally. The medium-severity vulnerability, with a CVSS score of 4.6,…
Fortinet Warns of Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
Fortinet has revealed and resolved several vulnerabilities within its range of products, such as FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. These weaknesses vary from inadequate filtering of log outputs to unconfirmed password modifications and poorly secured credentials. The…
Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities
Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products. The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could…
CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in CrushFTP, a popular file transfer server solution. Identified as CVE-2025-31161, the vulnerability allows attackers to bypass authentication, posing significant risks to organizations relying…
Over 5,000 Ivanti Connect Secure Devices Exposed to RCE Vulnerabilities
Over 5,000 Ivanti Connect Secure devices remain vulnerable to a critical remote code execution (RCE) flaw, according to data from the Shadowserver Foundation. The vulnerability, tracked as CVE-2025-22457, stems from a stack-based buffer overflow issue, enabling unauthenticated attackers to execute arbitrary…
Threat Actors Exploit CI/CD Environments to Gain Unauthorized Access to Restricted Resources
Recent research by Unit 42 highlights critical vulnerabilities in the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments. OIDC, an extension of the OAuth protocol, is widely adopted for secure authentication and authorization, playing a…