Aggregator

The State Bar of Texas has confirmed a data breach following the detection of unauthorized activity on its network earlier this year. According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which an unauthorized actor gained access to sensitive information stored on the organization’s systems. The intrusion […]

The post State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft has identified these campaigns as employing advanced redirection techniques such as URL shorteners and QR codes embedded in malicious attachments to evade detection. By abusing legitimate services […]

The post Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

​Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. [...]

A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like “Fix Now” and “Bot Verification,” ClickFix tricks users into executing malicious commands by exploiting familiar system actions. This technique bypasses conventional download workflows, relying on clipboard hijacking and user interaction to stage and execute malware. […]

The post Beware of Clickfix: ‘Fix Now’ and ‘Bot Verification’ Lures Deliver and Execute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due to its innovative use of Chain-of-Thought (CoT) reasoning. CoT reasoning enables the model to break down complex problems into intermediate steps, enhancing performance on tasks such as mathematical problem-solving. However, this transparency comes with unintended vulnerabilities. By explicitly sharing its […]

The post DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging PyPI as a distribution platform to reach a broad audience of fraudsters. The package specifically […]

The post Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly discovered credit card skimming campaign, dubbed “RolandSkimmer,” is exploiting browser extensions to exfiltrate sensitive financial data. This advanced malware has been observed targeting users primarily in Bulgaria and operates across popular web browsers, including Chrome, Edge, and Firefox. The campaign leverages deceptive techniques to establish persistence, evade detection, and steal payment information. Attack […]

The post New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Drive Products Falls Victim to INTERLOCK Ransomware: 1690 GB of Sensitive Data Exfiltrated

前言 CVE-2021-3156 是 sudo 的一个堆溢出漏洞，可以用来进行本地提权。 漏洞影响版本为 1.8.2-1.8.31sp12, 1.9.0-1.9.5sp1，sudo >=1.9.5sp2 的版本则不受影响。 环境搭建 有人制作好了 Docker 镜像，可以直接拿来用：hub.docker.com/r/chenaotian/cve-2021-3156 docker pull chenaotian/cve-2021-3156 docker run -d -ti --rm -h sudodebug --name sudodebug --cap-add=SYS_PTRACE ch...

Microsoft’s approach offers a compelling opportunity to secure AI, leverage AI-driven security tools and establish a self-reinforcing ecosystem where AI agents effectively collaborate within defined organizational boundaries

The post AI Security Got Complicated Fast. Here’s How Microsoft is Simplifying It appeared first on Security Boulevard.

Учёные придумали, как сделать Марс уютнее Земли.

A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]

A vulnerability was found in Woffice CRM Plugin up to 5.4.21 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2025-2798. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MultiVendorX Plugin up to 4.2.19 on WordPress. It has been classified as critical. Affected is the function delete_table_rate_shipping_row. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-2789. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Broadstreet Plugin up to 1.51.1 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-32270. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in www.15.to QR Code Tag for WC Plugin up to 1.9.36 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-32268. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in weDevs WP Project Manager Plugin up to 2.6.22 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-32280. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Freetobook Responsive Widget Plugin up to 1.1 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-32273. It is possible to initiate the attack remotely. There is no exploit available.