Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Law enforcement agencies have successfully dismantled a clandestine communication platform known as “Ghost,” which was used by cybercriminals to coordinate illicit activities. This significant crackdown resulted in the arrest of 12 key suspects, marking a major victory in the fight…

Read more →

A severe vulnerability in Splunk Enterprise and Splunk Cloud Platform has been identified, allowing for Remote Code Execution (RCE) via file uploads. This exploit can be triggered by a low-privileged user, highlighting significant security risks for affected organizations. Vulnerability Overview:…

Read more →

A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating…

Read more →

In a significant escalation of illicit activities, B1ack’s Stash, a notorious dark web carding marketplace, has announced plans to release an additional 4 million stolen credit card records for free. This move is part of a broader strategy to attract…

Read more →

Security researchers Dylan Tran and Jimmy Bayne have unveiled a new fileless lateral movement technique that exploits trapped Component Object Model (COM) objects in Windows systems. This method, based on research by James Forshaw of Google Project Zero, allows attackers…

Read more →

In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate and scale credential stuffing attacks across more than 140 platforms. This multi-checker tool, designed to exploit stolen user credentials, has…

Read more →

A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli…

Read more →

Nozomi Networks Labs has uncovered four severe vulnerabilities in the Inaba Denki Sangyo Co., Ltd. IB-MCT001, a camera widely used in Japanese production plants for recording production stoppages. These security flaws, which remain unpatched, pose significant risks to industrial environments,…

Read more →

A new wave of cyberattacks is targeting YouTube creators, leveraging fake brand collaboration offers to distribute malware. Cybersecurity firm CloudSEK has uncovered a sophisticated phishing campaign that employs the “Clickflix” technique to deceive content creators and compromise their systems. The…

Read more →

Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines.…

Read more →

Both CrushFTP, a popular file transfer technology, and Next.js, a widely used React framework for building web applications, have come under scrutiny due to significant vulnerabilities. Rapid7 has highlighted these issues, emphasizing their potential impact on data security and unauthorized…

Read more →

Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images, Log Delivery, Stream, and Vectorize. The incident, which lasted 1 hour and 7 minutes, was traced back to a faulty…

Read more →

Users of the Veeam Backup Server have encountered a significant issue following the Windows 11 24H2 update. Specifically, the update has disrupted the connection between Veeam Recovery Media and the Veeam Backup Server. This problem affects users who have created…

Read more →

Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the…

Read more →

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and…

Read more →

A recent snag in Google’s Chrome distribution process has left Windows users unable to install the browser on their Intel and AMD systems. The issue, first reported by Windows Latest on March 25, arises when users attempt to run the ChromeSetup.exe file,…

Read more →

In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command and control (C2) domains associated with the Raspberry Robin malware. This discovery sheds new light on the infrastructure used by this sophisticated threat actor group, which…

Read more →

A critical vulnerability has been identified in NetApp’s SnapCenter Server, affecting versions before 6.0.1P1 and 6.1P1. This flaw allows an authenticated SnapCenter Server user to potentially escalate their privileges to admin on remote systems where SnapCenter plug-ins are installed. The…

Read more →

Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as “Black Banshee.” The group, active since at least 2012, has been observed employing advanced tactics and malicious scripts in their latest…

Read more →

A recent investigation has revealed that several Clevo-based devices are vulnerable due to a leak of Boot Guard private keys. This vulnerability was first reported on the Win-Raid forum and involves firmware updates containing sensitive Boot Guard Key Manifest (KM)…

Read more →

The cybersecurity world has been abuzz with reports of widespread reboots affecting DrayTek routers across the globe. While the exact cause of these reboots remains largely unconfirmed, GreyNoise has brought to light significant in-the-wild exploitation of several known vulnerabilities in…

Read more →

A recent analysis by Rhino Security Labs has uncovered a series of critical vulnerabilities in the Appsmith developer tool, a platform used for building internal applications such as dashboards and customer support tools. The most severe of these vulnerabilities is…

Read more →

Google has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783. This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections.  The update, version 134.0.6998.177 for…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment. These advisories underscore the imperative for prompt action to mitigate these threats,…

Read more →

A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into…

Read more →

The cybersecurity landscape in 2024 witnessed a significant escalation in AI-related threats, with malicious actors increasingly targeting and exploiting large language models (LLMs). According to KELA’s annual “State of Cybercrime” report, discussions about exploiting popular LLMs such as ChatGPT, Copilot,…

Read more →

In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures and deliver malware, according to Ontinue’s latest Threat Intelligence Report. Threat actors are exploiting built-in Microsoft features like Quick Assist…

Read more →

A sophisticated phishing campaign, recently identified by LayerX Labs, has shifted its focus from Windows users to Mac users in response to enhanced security measures implemented by major browsers. Initially, this campaign targeted Windows users by masquerading as Microsoft security…

Read more →

Menlo Park, United States, March 25th, 2025, CyberNewsWire FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. AccuKnox, Inc., announced that Telecom and FinTech Leader IDT Corporation has partnered with AccuKnox…

Read more →

Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems. ARACNE is engineered to execute commands autonomously, marking a significant advancement in the automation of cybersecurity…

Read more →

Security researcher Nick Cerne from Bishop Fox has published findings comparing malware development in Rust versus traditional C/C++ languages. The research demonstrates how Rust provides inherent anti-analysis features that make malware more difficult to reverse engineer. According to Cerne’s analysis,…

Read more →

In 2024, the number of users affected by mobile banking malware skyrocketed to nearly 248,000, a staggering 3.6-fold increase from the previous year’s 69,000 affected users. This dramatic rise in malicious activity was particularly pronounced in the latter half of…

Read more →

SnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect.…

Read more →

CAPE, derived from Cuckoo v1, is a sophisticated malware sandbox designed to execute malicious files in an isolated environment while capturing their dynamic behavior and collecting forensic artifacts. This platform enhances Cuckoo’s capabilities by incorporating automated dynamic malware unpacking, YARA-based…

Read more →

A recent discovery by the McAfee Mobile Research Team has highlighted a new wave of Android malware campaigns that utilize the .NET MAUI cross-platform framework to evade detection. This framework, introduced by Microsoft as a replacement for Xamarin, allows developers…

Read more →

Alisa Viejo, United States, March 25th, 2025, CyberNewsWire One Identity, a leader in unified identity security, today announced that One Identity Active Roles has been named a winner in the Hybrid Active Directory Protection category of the 2025 Cybersecurity Excellence Awards. This…

Read more →

Ramat Gan, Israel, March 25th, 2025, CyberNewsWire CYREBRO, the AI-native Managed Detection and Response (MDR), today announced its recognition as a leading detection and response startup in the Gartner report, Emerging Tech: Techscape for Detection and Response Startups. This acknowledgment…

Read more →

Tel Aviv, Israel, March 25th, 2025, CyberNewsWire ARMO CADR minimizes the cloud attack surface, detects and responds to unknown and known cyberattacks while ensuring business continuity, combining the power of CDR and ADR solutions ARMO, the leading Cloud Runtime Security company…

Read more →

A sophisticated phishing campaign has been uncovered by Silent Push threat analysts, employing the browser-in-the-browser (BitB) technique to target gamers, particularly those playing Counter-Strike 2 on the Steam platform. This campaign involves creating fake but realistic browser pop-up windows that…

Read more →

Researchers from Reversing Labs have identified two malicious Visual Studio Code (VS Code) extensions that are distributing ransomware to unsuspecting developers. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” are currently under development and pose a significant threat to users who install…

Read more →

A recent cybersecurity investigation has uncovered a previously unidentified Command and Control (C2) framework, dubbed Specter Insight C2. This discovery was made by a team of researchers who have been analyzing recent hacking campaigns, including those utilizing ClickFix tactics, as per a report…

Read more →

Security Onion, a widely used open-source platform for network security monitoring, has recently released Security Onion 2.4.140. This latest update focuses on enhancing key components such as Suricata and Zeek, offering improved security and functionality to its users. Below is…

Read more →

Microsoft has launched an expanded version of its Security Copilot platform, now equipped with advanced AI agents. These agents are designed to autonomously handle critical security tasks such as phishing detection, data security, and identity management, revolutionizing how organizations protect…

Read more →

The National Institute of Standards and Technology (NIST) recently issued an update on its efforts to manage the backlog of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD). While NIST has regained its pre-summer 2024 processing speed…

Read more →

A sophisticated malware campaign has been uncovered by Cyble, targeting Polish-speaking developers with fake coding challenges. This campaign, known as “FizzBuzz to FogDoor,” exploits job seekers by disguising malware as legitimate recruitment tests on GitHub. The attackers use a GitHub…

Read more →

Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log…

Read more →

The Ukrainian State Railways, known as Ukrzaliznytsia, has experienced a massive disruption to its online services. The railway company issued a statement acknowledging an IT failure, which has temporarily suspended all online operations, impacting ticket sales and other digital services.…

Read more →

Linus Torvalds released the Linux 6.14 kernel today after an unexpected quiet day yesterday, marking a new milestone in the Linux ecosystem. This version is set to power several upcoming Linux distribution releases, including Ubuntu 25.04 and Fedora 42. Linux…

Read more →

The FBI Denver Field Office has sounded the alarm about a burgeoning scam involving purportedly free online document converter tools. This scam, which has gained traction globally, sees cybercriminals harnessing these tools to spread malware, leading to severe consequences such…

Read more →

A series of remote code execution (RCE) vulnerabilities known as “IngressNightmare” have been discovered in the Ingress NGINX Controller for Kubernetes. These vulnerabilities, identified as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974, pose a critical threat to Kubernetes clusters, allowing attackers to gain unauthorized access to…

Read more →

A recent report from Trend Micro has revealed that a new variant of the Albabat ransomware now targets Linux and macOS platforms, marking a significant expansion in its capabilities. Previously limited to Windows systems, this updated strain demonstrates the evolving…

Read more →

A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec. The attackers are employing sophisticated tactics to deceive cardholders into divulging their login credentials, potentially compromising their financial accounts. Japanese Cardholders at Risk of Credential Theft…

Read more →

In a recent cybersecurity threat, hackers have been using fake Semrush ads to target Google account credentials. This campaign involves creating malicious ads that impersonate Semrush, a popular SEO and advertising platform used by many businesses, including 40% of Fortune…

Read more →

A recent development in Linux kernel security has led to the creation of a Rust-based kernel module designed to detect rootkits, a type of malware that can hide itself and other malicious activities from system administrators. This project, part of…

Read more →

Cary, NC, March 24th, 2025, CyberNewsWire INE Security, a global provider of cybersecurity training and certification, today announced its initiative to spotlight the increasing cyber threats targeting healthcare institutions. In recognition of National Physicians Week 2025, the company is drawing attention…

Read more →

A recent investigation by Group-IB has shed light on a notorious cybercriminal operating under multiple aliases, including ALTDOS, DESORDEN, GHOSTR, and 0mid16B. This individual was responsible for over 90 data breaches globally, primarily targeting companies in Asia and other regions.…

Read more →

The rapid expansion of low-Earth orbit (LEO) satellite constellations has underscored the need for secure video transmission in satellite communication systems. Applications such as remote sensing, disaster relief, and secure information exchange rely heavily on video data, which is increasingly…

Read more →

Clio is a cutting-edge, secure logging platform designed specifically for red team operations and security assessments. This collaborative tool offers real-time logging capabilities, allowing multiple users to view and edit logs simultaneously. It incorporates a row-level locking mechanism to prevent…

Read more →

CleanStack is a novel stack protection mechanism designed to combat memory corruption attacks, which have long been a significant threat to software systems. These attacks exploit vulnerabilities in low-level languages like C/C++ to execute arbitrary code or manipulate memory operations.…

Read more →

An INTERPOL-led operation, dubbed “Operation Red Card,” has resulted in the arrest of over 306 individuals suspected of involvement in various cyber crimes across seven African countries. This operation, conducted from November 2024 to February 2025, targeted mobile banking, investment,…

Read more →

VanHelsingRaaS, a newly launched ransomware-as-a-service (RaaS) program, has quickly gained traction in the cybercrime ecosystem. Introduced on March 7, 2025, this RaaS platform offers affiliates a cross-platform ransomware tool capable of targeting diverse systems, including Linux, BSD, ARM architectures, and…

Read more →

The Federal Communications Commission (FCC) has initiated a new investigation into Chinese entities previously identified as national security risks to ensure these companies are not circumventing U.S. regulations. FCC Chairman Brendan Carr announced the move today as the first major…

Read more →

A recent cyber espionage operation by a China-nexus threat actor, dubbed “Weaver Ant,” has been uncovered by Sygnia, a cybersecurity firm. This sophisticated threat actor targeted a major telecommunications company in Asia, utilizing web shells and tunneling techniques to maintain…

Read more →

A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier CVE-2024-13496, carries a high CVSS 3.1 score of 7.5, indicating significant potential for exploitation. CVE-2024-13496…

Read more →

Google has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden…

Read more →

North Korea has taken a significant step in enhancing its cyber warfare capabilities by establishing a new research center, known as Research Center 227, under the military’s Reconnaissance General Bureau (RGB). This move is part of a broader strategy to…

Read more →

A new strain of malware, known as SvcStealer, has emerged as a significant threat in the cybersecurity landscape. This malware is primarily delivered through spear phishing attacks, where malicious attachments are sent via email to unsuspecting victims. The SvcStealer campaign…

Read more →

Cloudflare has unveiled AI Labyrinth, an innovative platform designed to combat AI-powered bots that relentlessly crawl and scrape data from websites without permission. By employing AI-generated content, AI Labyrinth cleverly slows down and misdirects these bots, safeguarding legitimate websites while enhancing…

Read more →

A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code…

Read more →

Chinese tech giant Baidu has faced severe scrutiny after allegations emerged that a top executive’s teenage daughter had accessed and shared personal details of internet users online. The incident has raised significant concerns about data privacy and security at one…

Read more →

A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927. This critical flaw allows attackers to bypass security controls implemented by middleware, posing significant risks to authentication, authorization, and…

Read more →

Cloudflare has introduced a groundbreaking browser-based Remote Desktop Protocol (RDP) solution. This innovative tool allows users to securely access Windows servers directly from their web browsers, eliminating the need for native RDP clients or VPNs. Cloudflare’s browser-based RDP solution is…

Read more →

A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials. The attackers initiate the phishing attempt by sending fraudulent emails disguised as…

Read more →

JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has been found to have critical security vulnerabilities. These flaws, recently highlighted by SonarSource’s vulnerability research team, allow attackers to bypass authentication and potentially gain full control…

Read more →

A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. This vulnerability could potentially expose…

Read more →

Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily…

Read more →

In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March…

Read more →

In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS (Atomic Stealer) and Lumma Stealer. These malware types are specifically designed to target cryptocurrency traders by offering cracked versions of…

Read more →

Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploiting multiple operating systems…

Read more →

A recent open-source investigation has uncovered one of the largest exposures of US government data to cyber threats. More than 150 government database servers are currently exposed to the internet, leaving sensitive personal and national security information at an unprecedented…

Read more →

A recent cybersecurity threat, identified as UAT-5918, has been actively targeting entities in Taiwan, particularly those in critical infrastructure sectors such as telecommunications, healthcare, and information technology. This advanced persistent threat (APT) group is believed to be motivated by establishing…

Read more →

A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. This vulnerability allows attackers to potentially execute remote code (RCE) if successfully exploited. The cybersecurity firm GreyNoise has identified multiple IPs…

Read more →

Researchers uncovered critical Remote Code Execution (RCE) vulnerabilities in the Veeam Backup & Replication solution. These vulnerabilities, which include CVE-2025-23120, exploit weaknesses in deserialization mechanisms, potentially allowing any domain user to gain SYSTEM access to Veeam backup servers. This is…

Read more →

In a recent analysis by Elastic Security Labs, a malicious driver known as ABYSSWORKER has been identified as a key component in the MEDUSA ransomware attack chain. This driver is specifically designed to disable endpoint detection and response (EDR) systems,…

Read more →

In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to…

Read more →

The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique “.vanhelsing” extension…

Read more →

Tech giant Apple has found itself at the center of a new legal battle after a class-action lawsuit was filed in the U.S. District Court in San Jose. The suit accuses Apple of false advertising and unfair competition related to…

Read more →

Caido has unveiled version 0.47.0 of its web pentesting tool, cementing its position as a robust alternative to Burp Suite. This release is marked by several key enhancements that improve user experience and expand the tool’s capabilities in web application…

Read more →

Infosys, a leading IT services company, has announced that it has reached an agreement in principle to settle a series of class action lawsuits related to a data breach incident involving its subsidiary, Infosys McCamish Systems LLC. The proposed settlement…

Read more →

A recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote code execution (RCE), severe information leakage, and malicious content injection. This vulnerability was publicly disclosed on…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories related to vulnerabilities and exploits affecting Industrial Control Systems (ICS). These advisories highlight significant security issues across various industrial equipment and software, underscoring users’ and administrators’ need for immediate…

Read more →

Cloudflare has announced that it will shift its APIs to HTTPS-only connections, effectively closing all HTTP ports. This strategic decision aims to protect sensitive data from being intercepted by unauthorized parties during transmission. The change marks a crucial step forward…

Read more →

A new malware campaign has been uncovered, involving a sophisticated stealer known as Arcane, which is distributed through YouTube videos promoting game cheats. This campaign highlights the evolving tactics of cybercriminals, who continue to exploit popular platforms to spread malware.…

Read more →

Symantec’s Threat Hunter team has identified a sophisticated custom backdoor named “Betruger” linked to a RansomHub affiliate. This newly discovered backdoor appears to be purpose-built for ransomware operations, consolidating multiple attack functions into a single tool, likely to minimize the…

Read more →

A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files. This sophisticated campaign involves luring users into downloading obfuscated JPEG files that contain hidden malicious scripts and executables. Once these files…

Read more →

A recent investigation by cybersecurity firm Nisos has uncovered a coordinated effort by North Korean IT workers to exploit GitHub for creating fake personas, enabling them to secure remote jobs in Japan and the United States. These individuals, posing as…

Read more →

Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has emerged as a significant player in the “Five Families” crimeware syndicate. This group, which includes ThreatSec, GhostSec, Blackforums, and SiegedSec, has been making waves since its…

Read more →

Menlo Security, a leader in Secure Enterprise Browsers, has released its annual State of Browser Security Report, revealing a sharp rise in browser-based cyberattacks. The report highlights a 130% surge in zero-hour phishing attacks and a significant increase in the…

Read more →

Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, were disclosed by Cisco in September. The first vulnerability involves a static credential issue,…

Read more →

A significant malware operation, dubbed “DollyWay,” has been uncovered by GoDaddy Security researchers, revealing a sophisticated campaign that has compromised over 20,000 WordPress sites globally. This operation, which began in 2016, leverages a distributed network of compromised WordPress sites as…

Read more →