Oracle has addressed a significant security flaw in its Transparent Network Substrate (TNS) protocol, used for database communications, with the release of a patch on April 15, 2025. The vulnerability, tracked as CVE-2025-30733, could allow unauthenticated remote attackers to access…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Severe vBulletin Flaw Allows Remote Code Execution by Attackers
A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of relying on method visibility for security. The flaw, affecting vBulletin versions 5.x and 6.x running on PHP 8.1 or later,…
ChatGPT-03 Exploited to Override Critical Shutdown Protocols
OpenAI’s latest and most advanced artificial intelligence model, codenamed “o3,” has sparked alarm in the AI safety community after researchers discovered it sabotaged a shutdown mechanism, even when explicitly instructed to allow itself to be turned off. The incident, reported…
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Cybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and…
Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers’ Data Compromised
Nova Scotia Power, the largest electricity provider in the province, confirmed on Friday, May 23, 2025, that it has been the victim of a sophisticated ransomware attack. The breach, first detected on April 25, was later traced back to March…
Linux 6.15 Launches with Major Performance and Hardware Upgrades
The Linux 6.15 kernel, released on May 25, 2025, marks a pivotal moment in open-source development, introducing several groundbreaking features and technical advancements. Most notably, this release debuts the first Rust-written Direct Rendering Manager (DRM) driver, NOVA, targeting NVIDIA RTX…
TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks
A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has…
D-Link Routers Exposed by Hard-Coded Telnet Credential
A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1…
Bitwarden Flaw Allows Upload of Malicious PDFs, Posing Security Risk
A serious security vulnerability has been identified in Bitwarden, the popular password management platform, affecting versions up to 2.25.1. The flaw, designated CVE-2025-5138, allows attackers to execute cross-site scripting (XSS) attacks through malicious PDF files uploaded to the platform’s file…
Privilege Escalation Flaws Found in Tenable Network Monitor
Tenable has released version 6.5.1 of its Network Monitor, a key passive vulnerability scanning solution, to address several high-severity vulnerabilities discovered in both its codebase and bundled third-party libraries. The update comes after security researchers identified vulnerabilities in widely used…
Apache Tomcat RCE Vulnerability Exposed with PoC Released
A critical security vulnerability, tracked as CVE-2025-24813, has been discovered in Apache Tomcat, a widely used open-source Java servlet container and web server. This flaw, stemming from improper handling of file paths, particularly those containing internal dots (e.g., file.Name)—can allow…
Severe WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any Use
A newly disclosed vulnerability, CVE-2024-6914, has shocked the enterprise software community, affecting a wide range of WSO2 products. The flaw, rated with a CVSS score of 9.8 (Critical), stems from an incorrect authorization mechanism in the account recovery-related SOAP admin…
Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research, conducted in a controlled lab environment, highlights a sophisticated attack…
Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application for managing crypto assets via Ledger cold wallets. Since August 2024, Moonlock Lab has been tracking a malware campaign that initially focused on stealing passwords…
Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. These flaws, when chained together, allow unauthenticated remote code execution (RCE) on internet-facing systems, posing a severe risk to enterprise…
Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000
A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King Spain’s backup system, leveraging vulnerabilities in the AhsayCBS platform. Priced at $4,000, this exploit offers malicious actors a potential gateway…
EU Targets Stark Industries in Cyberattack Sanctions Crackdown
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing new restrictive measures against 21 individuals and 6 entities. This latest move, part of the EU’s 17th sanctions package, reflects a significant broadening of both…
Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as an “uncensored” and “private” alternative to mainstream platforms like ChatGPT. Unlike conventional AI chatbots, Venice.ai operates using leading open-source models such as DeepSeek R1 671B,…
Hackers Expose 184 Million User Passwords via Open Directory
A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords—totaling 47.42 GB of raw credential data. The exposed records included sensitive information such as emails, usernames, passwords,…
GenAI Assistant DIANNA Uncovers New Obfuscated Malware
Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the assistance of large language models (LLMs) such as ChatGPT and DeepSeek, underscores a chilling trend in cybercrime: the rise of…