Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites.…
Category: GBHackers
Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV
The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the…
Gamers Targeted! Fake Minecraft Mods Enable Attackers to Take Control of Your System
Minecraft, the wildly popular sandbox game with over 200 million monthly active players, has become the latest hunting ground for cybercriminals. Check Point Research recently…
Qilin Ransomware Rises as Major Threat, Demanding $50M in Ransom
The global cybersecurity landscape is facing a seismic shift as the Qilin ransomware group, also known as Agenda, has surged to the forefront of digital…
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the…
Android Spyware SpyNote Masquerading as Google Translate Found in Open Directories
Our team stumbled upon a disturbing array of SpyNote spyware samples lurking in open directories across the internet. These misconfigured digital repositories, often overlooked as…
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late…
jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System
Security researchers from the Trellix Advanced Research Centre have uncovered a sophisticated malware campaign exploiting the widely trusted jQuery Migrate library, a backward compatibility plugin…
Hackers Deploy Amatera Stealer Using Advanced Web Injection and Anti-Analysis Techniques
Proofpoint has uncovered a rebranded and significantly enhanced information stealer named Amatera Stealer, derived from the previously known ACR Stealer. Identified in early 2025, this…
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely…
How Attackers Gain Control of Federation Server’s Private Key
The Golden SAML assault is a lesser-known but much more dangerous threat in a world where password-based hacks breach millions of accounts every month. Unlike…
Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics -Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked…