Aggregator

A vulnerability has been found in ABB AC500 V3 up to 3.7.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-12429. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Link Whisper Free Plugin up to 0.7.7 on WordPress. This issue affects some unknown processing. The manipulation leads to file and directory information exposure. The identification of this vulnerability is CVE-2025-22306. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in FilaThemes Education LMS Plugin up to 0.0.7 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-22334. It is possible to launch the attack remotely. There is no exploit available.

X0Frankenstein Claims to have Leaked the Data of Health Pantry

Новая разработка готова к использованию в реальных боевых задачах.

Sunflower Medical Group Has Been Claimed a Victim to RHYSIDA Ransomware

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites.  By seamlessly integrating with Telegram, PhishWP facilitates real-time data exfiltration, including credit card details, personal information, and even 3DS authentication codes.  This […]

The post New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI

Lake Shore Public Schools Has Been Claimed a Victim to 8BASE Ransomware

在最坚硬的石头上刻一朵小花

在最坚硬的石头上刻一朵小花

在最坚硬的石头上刻一朵小花

在最坚硬的石头上刻一朵小花

A vulnerability classified as problematic was found in themebon Ultimate Image Hover Effects Plugin up to 1.1.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22585. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Joomla up to 3.10.19/4.4.9/5.2.2. This affects an unknown part of the component View Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-40749. The attack needs to be initiated within the local network. There is no exploit available.

StarsX Team Defaced Four Different Websites

Eclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 Firmware
Certain vulnerabilities in device maker Illumina's iSeq 100 DNA gene sequencer could allow hackers to overwrite the system's firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws.

Unified Extended Access Management Platform Gains Key Integrations and Workflows
The addition of Trelica allows 1Password to accelerate its extended access management roadmap by 18 months. The acquisition emphasizes simplicity for end users while unifying SaaS visibility, device management and identity security under a single solution.