Aggregator

Бэкдор в моделях Go1 ‒ случайность или хитрый ход Большого Брата?

Ресурс с личными данными сотрудников DOGE становится недоступным для блокировки.

A vulnerability has been found in mihail-barinov Advanced Woo Search Plugin up to 3.28 on WordPress and classified as problematic. This vulnerability affects the function aws_search_terms of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-2302. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Ultimate Dashboard Plugin up to 3.8.7 on WordPress. This affects the function handle_module_actions of the component Plugin Activation Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-2276. It is possible to initiate the attack remotely. There is no exploit available.

Editor’s note: The current article is authored by Mohamed Talaat, a cybersecurity researcher and malware analyst. You can find Mohamed on X and LinkedIn.  In this article, we’re diving into GorillaBot, a newly discovered botnet built on Mirai’s code. It’s been spotted launching hundreds of thousands of attacks across the globe, and it’s got some […]

The post GorillaBot: Technical Analysis and Code Similarities with Mirai appeared first on ANY.RUN's Cybersecurity Blog.

On Tuesday, March 25, 2025, BlackCloak released a watershed asset in executive and public persona cybersecurity: The Digital Executive Protection (DEP) Framework & Assessment Methodology - a comprehensive standard designed to address the deeply human side of cybersecurity risk.

The post The Illusion of Safety: BlackCloak’s DEP Security Framework Exposes the Devil’s Greatest Trick appeared first on Security Boulevard.

A recent cybersecurity investigation has uncovered a previously unidentified Command and Control (C2) framework, dubbed Specter Insight C2. This discovery was made by a team of researchers who have been analyzing recent hacking campaigns, including those utilizing ClickFix tactics, as per a report shared by DFIR in X. The emergence of this new tool suggests an evolution in […]

The post New Specter Insight C2 Tool Fuels ClickFix-Based Hacking Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA released four Industrial Control Systems (ICS) advisories on March 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-084-01 ABB RMC-100
• ICSA-25-084-02 Rockwell Automation Verve Asset Manager
• ICSA-25-084-03 Rockwell Automation 440G TLS-Z
• ICSA-25-084-04 Inaba Denki Sangyo CHOCO TEI WATCHER Mini 
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.

Kela researchers detect a 200%+ increase in dark web chatter about malicious AI tools

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not

Researchers from Reversing Labs have identified two malicious Visual Studio Code (VS Code) extensions that are distributing ransomware to unsuspecting developers. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” are currently under development and pose a significant threat to users who install them, as per a report shared in X. VS Code, one of the most popular […]

The post Malicious VS Code Extensions Target Developers with ShibaCoin Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated phishing campaign has been uncovered by Silent Push threat analysts, employing the browser-in-the-browser (BitB) technique to target gamers, particularly those playing Counter-Strike 2 on the Steam platform. This campaign involves creating fake but realistic browser pop-up windows that mimic legitimate login pages, aiming to deceive users into divulging their Steam account credentials. The […]

The post New Phishing Attack Uses Browser-in-the-Browser Technique to Target Gamers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

根据世界气象组织发布的《2024 年全球气候状况》报告，多项气候指标创下记录。报告确认，2024 年可能是第一个比前工业时代高出 1.5°C 的日历年，全球平均近地表温度比 1850-1900 年的平均值高出了 1.55 ± 0.13 °C。2024 年是 175 年观测记录中最暖的一年。报告显示：大气中二氧化碳浓度达到了过去80万年来的最高水平。在全球范围内，过去十年中的每一年都位列有记录以来最暖的十年。在过去的八年中，每一年都创下了海洋热含量的新纪录。北极海冰面积最小的 18 个记录都出现在过去 18 年中。南极冰盖三次最小面积均出现在过去三年中。有记录以来最大的三年冰川质量损失均发生在过去三年。自有卫星测量以来，海平面上升的速率已翻了一番。