DollyWay World Domination Attack Compromises 20,000+ Sites
Since 2016, the “DollyWay World Domination” campaign has quietly compromised more than 20,000 WordPress websites worldwide, exploiting vulnerabilities in plugins...
Read more →Category: GBHackers
CISA Alerts on ConnectWise ScreenConnect Authentication Vulnerability Actively Exploited
A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication)....
Read more →
North Face Fashion Brand Alerts Customers to Credential Stuffing Attack
The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following...
Read more →
Android Security Update Addresses High-Severity Privilege Escalation Flaws
The Android Security Bulletin for June 2025, published on June 2, details a series of high-severity vulnerabilities affecting a wide...
Read more →
State-Sponsored Groups Intensify Attacks on Manufacturing Sector and OT Systems
The manufacturing sector has emerged as a prime target for cyber attackers in 2024, with a staggering 71% surge in...
Read more →
Researchers Reveal Container-Based Attacks Through Host-Based Log Analysis
Cybersecurity researchers have shed light on the often-underestimated vulnerabilities in containerized environments, emphasizing the critical role of host-based log analysis...
Read more →
New Linux PumaBot Targets IoT Devices with SSH Credential Brute-Force Attack
A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based...
Read more →
Russian Hacker Black Owl Targets Critical Industries to Steal Financial Data
A pro-Ukrainian hacktivist group known as BO Team, also operating under aliases such as Black Owl, Lifting Zmiy, and Hoody...
Read more →
Top Russian Dark Web Market Tools Drive Surge in Credential Theft Attacks
In a chilling revelation for cybersecurity professionals, the Russian Market has solidified its position as the leading hub for stolen...
Read more →
Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities
Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft...
Read more →
Apple iOS Activation Flaw Enables Injection of Unauthenticated XML Payloads
A severe vulnerability in Apple’s iOS activation infrastructure has been uncovered, posing a significant risk to device security during the...
Read more →
New Safari XSS Vulnerability Exploits JavaScript Error Handling to Run Arbitrary Code
Cross-site scripting (XSS) remains one of the most persistent threats in web security, but most discussions focus on traditional vectors....
Read more →