Aggregator

A vulnerability was found in WP AdCenter Plugin up to 2.5.7 on WordPress. It has been classified as problematic. This affects the function wpadcenter_ad of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10113. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tripetto Plugin up to 8.0.3 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Form File Upload. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10260. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WP Activity Log Plugin up to 5.2.1 on WordPress. It has been rated as problematic. This issue affects the function User_id. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10793. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Hide My WP Ghost Plugin up to 5.3.01 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10825. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Microsoft Edge. Affected by this issue is some unknown functionality. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2024-49025. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox, has been uncovered, targeting healthcare services in North America. The attackers exploited Philips DICOM Viewer software to deploy malicious payloads, including a backdoor remote access tool (RAT), a keylogger, and a crypto miner. This campaign highlights the evolving tactics of […]

The post Silver Fox APT Hackers Target Healthcare Services to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has been detected, targeting government and military entities in Ukraine and opposition groups in Belarus. The campaign, active since late 2024, employs weaponized Excel (XLS) files embedded with malicious macros to deliver malware payloads, underscoring the evolving sophistication of state-sponsored cyber-espionage […]

The post Ghostwriter Malware Targets Government Organizations with Weaponized XLS File appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.

The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial appearance in November 2024. Known for encrypting files with the .lcryx extension and demanding $500 in Bitcoin for decryption, this ransomware has evolved with advanced techniques to lock down Windows systems and evade detection. Disabling System Tools and Elevating Privileges […]

The post LCRYX Ransomware Attacks Windows Machines by Blocking Registry Editor and Task Manager appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in tsMuxer nightly-2024-03-14-01-51-12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component MKV Video File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-49777. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Jobs for WordPress Plugin up to 2.7.7 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10104. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Virtuozzo Hybrid Server 1.7.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument hostname leads to cross site scripting. This vulnerability is known as CVE-2024-40579. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in unclebob FitNesse 20220319. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-39610. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in tsMuxer nightly-2024-05-12-02-01-18. This affects an unknown part of the component MOV Video File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-49778. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in tsMuxer nightly-2024-03-14-01-51-12 and classified as critical. This vulnerability affects unknown code of the component MOV Video File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-41209. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in tsMuxer nightly-2024-03-14-01-51-12 and classified as critical. This issue affects some unknown processing of the component TS Video File Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-41206. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in FraudLabs Pro SMS Verification Plugin up to 1.10.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-51688. The attack may be launched remotely. There is no exploit available.

Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade detection during malware distribution. Attackers are leveraging ephemeral port 60102, typically reserved for temporary communications, as a service port for covert malware transmission. This approach bypasses traditional monitoring systems, which often focus on scanning standard service ports such as 80 or […]

The post Threat Actors Using Ephemeral Port 60102 for Covert Malware Communications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.