A Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: bbbb335656, cdsfdfafd49Group2436437, and sdsds656565. First detected just eleven days ago, with the latest package appearing…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
SharpSuccessor PoC Released to Weaponize Windows Server 2025 BadSuccessor Flaw
A critical privilege escalation vulnerability in Windows Server 2025’s delegated Managed Service Account (dMSA) feature enables attackers to compromise Active Directory domains using tools like SharpSuccessor. This attack chain exploits default configurations to transform low-privileged users into Domain Admins through…
Oracle TNS Flaw Exposes System Memory to Unauthorized Access
Oracle has addressed a significant security flaw in its Transparent Network Substrate (TNS) protocol, used for database communications, with the release of a patch on April 15, 2025. The vulnerability, tracked as CVE-2025-30733, could allow unauthenticated remote attackers to access…
Severe vBulletin Flaw Allows Remote Code Execution by Attackers
A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of relying on method visibility for security. The flaw, affecting vBulletin versions 5.x and 6.x running on PHP 8.1 or later,…
ChatGPT-03 Exploited to Override Critical Shutdown Protocols
OpenAI’s latest and most advanced artificial intelligence model, codenamed “o3,” has sparked alarm in the AI safety community after researchers discovered it sabotaged a shutdown mechanism, even when explicitly instructed to allow itself to be turned off. The incident, reported…
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Cybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and…
Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers’ Data Compromised
Nova Scotia Power, the largest electricity provider in the province, confirmed on Friday, May 23, 2025, that it has been the victim of a sophisticated ransomware attack. The breach, first detected on April 25, was later traced back to March…
Linux 6.15 Launches with Major Performance and Hardware Upgrades
The Linux 6.15 kernel, released on May 25, 2025, marks a pivotal moment in open-source development, introducing several groundbreaking features and technical advancements. Most notably, this release debuts the first Rust-written Direct Rendering Manager (DRM) driver, NOVA, targeting NVIDIA RTX…
TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks
A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has…
D-Link Routers Exposed by Hard-Coded Telnet Credential
A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1…