The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of critical vulnerabilities in various software, particularly spotlighting an unspecified vulnerability in Oracle WebLogic Server. This announcement comes as part of CISA’s efforts to enhance…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Casio Hacked – Servers Compromised by a Ransomware Attack
Casio Computer Co., Ltd. has confirmed a significant cybersecurity breach after its servers were targeted in a sophisticated ransomware attack. The incident, which occurred on October 5, prompted an immediate forensic investigation involving external security specialists. Casio deeply regrets any…
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. By seamlessly integrating with Telegram, PhishWP facilitates…
Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages
Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript, Python, and Ruby packages. OAST tools, initially designed for ethical researchers to perform network interactions, can…
New FireScam Android Malware Abusing Firebase Services To Evade Detection
FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate Android devices. It is Android malware disguised as a fake…
EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells
The Kaspersky researchers investigation into the EAGERBEE backdoor revealed its deployment within Middle Eastern ISPs and government entities of novel components, including a service injector that injects the backdoor into running services. Post-installation, EAGERBEE deploys plugins with diverse functionalities as…
Hackers Mimic Social Security Administration To Deliver ConnectWise RAT
A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering emails with embedded links to a ConnectWise Remote Access Trojan (RAT) installer. These emails, disguised as updated benefits statements, employed various techniques, including mismatched links…
Android Security Updates: Patch for Critical RCE Vulnerabilities
The January 2025 Android Security Bulletin has issued important updates regarding critical vulnerabilities that affect Android devices. Users are urged to ensure their devices are updated to the latest security patch level, which as per the bulletin, should be 2025-01-05…
India’s Draft Digital Personal Data Protection Rules
India has unveiled its draft Digital Personal Data Protection Rules, designed to operationalize the Digital Personal Data Protection Act, 2023 (DPDP Act). As the nation strides forward in the digital age, these rules are pivotal in creating a framework that…
Hackers Compromised Argentina’s Airport Security Payroll System
Hackers have successfully infiltrated Argentina’s Airport Security Police (PSA) payroll system, raising alarms about the safety of sensitive personnel information. This incident has revealed significant vulnerabilities in employee data management, as attackers accessed confidential salary records and tampered with pay…