54Articles
7Categories
2025-05-26Date
🚨 CISA KEV 1[−]
26 May KEVCISA flags Commvault zero-day as part of wider SaaS attack campaignThe US Cybersecurity and Infrastructure Security Agency (CISA) has warned about threat actors abusing Commvault’s SaaS cloud application, Metallic, to access its clients’ critical application secrets. According to a CISA advisory, threat actors may have accessed client secrets fr…CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
26 MaySevere WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any UseA newly disclosed vulnerability, CVE-2024-6914, has shocked the enterprise software community, affecting a wide range of WSO2 products. The flaw, rated with a CVSS score of 9.8 (Critical), stems from an incorrect authorization mechanism in the account recovery-related SOAP admin …GBHACKERS.COM
26 MayApache Tomcat RCE Vulnerability Exposed with PoC ReleasedA critical security vulnerability, tracked as CVE-2025-24813, has been discovered in Apache Tomcat, a widely used open-source Java servlet container and web server. This flaw, stemming from improper handling of file paths, particularly those containing internal dots (e.g., file.N…GBHACKERS.COM
26 MayBitwarden Flaw Allows Upload of Malicious PDFs, Posing Security RiskA serious security vulnerability has been identified in Bitwarden, the popular password management platform, affecting versions up to 2.25.1. The flaw, designated CVE-2025-5138, allows attackers to execute cross-site scripting (XSS) attacks through malicious PDF files uploaded to…GBHACKERS.COM
26 MayD-Link Routers Exposed by Hard-Coded Telnet CredentialA recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.0…GBHACKERS.COM
26 MayOracle TNS Flaw Exposes System Memory to Unauthorized AccessOracle has addressed a significant security flaw in its Transparent Network Substrate (TNS) protocol, used for database communications, with the release of a patch on April 15, 2025. The vulnerability, tracked as CVE-2025-30733, could allow unauthenticated remote attackers to acc…GBHACKERS.COM
26 MayCVE Rebooted: Dumpster Fire or Fresh Start? 😬🔥Cyber pros are watching closely as the CVE board attempts to rebuild its vulnerability tracking system — but is it innovation or just a slow-motion disaster? 😬 In this clip, Adrian Sanabria and Katie Moussouris break down what might be the start of a total CVE and NVD overhaul. W…YOUTUBE.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
26 MaySieben gängige Wege, ein Smartphone zu hackenAngriffsvektoren gibt es etliche, doch wenn der Mensch aufpasst, lassen sich viele neutralisieren. Tero Vesalainen – shutterstock.com Mobiltelefone gelten gemeinhin zwar als sicherer als PCs, sind aber dennoch anfällig für Angriffe – insbesondere durch Social Engineering und ande…CSOONLINE.COM
26 MayUnraveling Cyber Threats: Ransomware, Kidnapping, and Record-Breaking DDoS AttacksIn this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web…CYBERSECURITYTODAY.LIBSYN.COM
26 MayThe 7 unwritten rules of leading through crisisVirtually all enterprises have some form of crisis management plan in place. Yet simply creating a crisis management program isn’t enough. What’s often more important are the unwritten rules that help ensure the program is executed effectively when crisis hits. Whether you’re fac…CSOONLINE.COM
26 MayPrivilege Escalation Flaws Found in Tenable Network MonitorTenable has released version 6.5.1 of its Network Monitor, a key passive vulnerability scanning solution, to address several high-severity vulnerabilities discovered in both its codebase and bundled third-party libraries. The update comes after security researchers identified vul…GBHACKERS.COM
26 MayTA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise NetworksA decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Forc…GBHACKERS.COM
26 MayReality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - HD M... - ESW #408Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these v…YOUTUBE.COM
26 MayLinux 6.15 Launches with Major Performance and Hardware UpgradesThe Linux 6.15 kernel, released on May 25, 2025, marks a pivotal moment in open-source development, introducing several groundbreaking features and technical advancements. Most notably, this release debuts the first Rust-written Direct Rendering Manager (DRM) driver, NOVA, target…GBHACKERS.COM
26 MayOpen MPIC project defends against BGP attacks on certificate validationBorder Gateway Protocol (BGP ) hijacking has long represented a critical vulnerability in the internet’s infrastructure, allowing attackers to silently redirect traffic between endpoints. The risk is so great the U.S. government has even branded it as a national security concern …NETWORKWORLD.COM
26 MayChatGPT-03 Exploited to Override Critical Shutdown ProtocolsOpenAI’s latest and most advanced artificial intelligence model, codenamed “o3,” has sparked alarm in the AI safety community after researchers discovered it sabotaged a shutdown mechanism, even when explicitly instructed to allow itself to be turned off. The incident, reported b…GBHACKERS.COM
26 MaySevere vBulletin Flaw Allows Remote Code Execution by AttackersA newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of relying on method visibility for security. The flaw, affecting vBulletin versions 5.x and 6.x running on PHP 8.1 or later, allowed attac…GBHACKERS.COM
26 MayNIST proposes new metric to gauge exploited vulnerabilities - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/05/26/nist-likely-exploited-vulnerabilities/SH.ITJUST.WORKS
26 MayCISO's Guide To Web Privacy Validation And Why It's ImportantAre your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement …THEHACKERNEWS.COM
26 MayBreaking RSA encryption just got 20x easier for quantum computersA quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than Google’s 2019 estimate, according to new research from Google Quantum AI. The findings sharply compress the timeline …CSOONLINE.COM
26 MaySharpSuccessor PoC Released to Weaponize Windows Server 2025 BadSuccessor FlawA critical privilege escalation vulnerability in Windows Server 2025’s delegated Managed Service Account (dMSA) feature enables attackers to compromise Active Directory domains using tools like SharpSuccessor. This attack chain exploits default configurations to transform low-pri…GBHACKERS.COM
26 MayHow scammers exploit genuine Microsoft business notificationsHow malicious actors exploit Microsoft business notifications by embedding their own contact details, and how you can protect yourself against this threat.KASPERSKY.COM
26 MayRemote Prompt Injection in GitLab Duo Leads to Source Code Theftsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duoINFOSEC.PUB
26 MayHow a Simple Security Gap Could Threaten Entire NationsA single security gap could jeopardize an entire nation’s critical infrastructure. 🚨 With a new bill in Congress aiming to extend Vulnerability Disclosure Programs (VDPs) from federal agencies to government contractors, cybersecurity professionals are on high alert. Ilona Cohen e…YOUTUBE.COM
26 MayFake DigiYatra Apps Target Indian Users to Steal Financial DataThreat actors have been exploiting the trust in India’s digital public infrastructure by setting up a deceptive phishing site, digiyatra[.]in, impersonating the DigiYatra Foundation. This fraudulent website, still live at the time of reporting, is being used to harvest pers…GBHACKERS.COM
26 MayMeteobridge Web Interface Vulnerability Let Attackers Inject Commands RemotelyONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect personal weather stations to public weather networks like Weather Underground. This flaw, identified through ONEKEY’s recently introduced b…GBHACKERS.COM
26 MayIntercept and Monitor TLS Traffic with mitmproxy Using Podman - Infosec.Pubsubmitted by starkzarn to cybersecurity 1 points | 0 comments https://infosec.pub/post/28887455SH.ITJUST.WORKS
📢 SECURITY ADVISORIES 6[−]
26 MayThreat Actors Deploy Database Client Tools on Targeted Systems to Exfiltrate Sensitive DataCybersecurity experts have noted an increase in data breaches where threat actors are directly querying internal databases to steal sensitive information. Unlike traditional malware-based attacks, these adversaries are leveraging legitimate database client tools such as DBeaver, …GBHACKERS.COM
🔥 INCIDENT REPORTING 9[−]
26 MayNova Scotia Power Confirms Ransomware Attack, 280k Notified of Data BreachNova Scotia Power has finally admitted that the recent cyberattack was a ransomware attack, but it hasn’t paid the hackers. The post Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
26 MayBSI warnt vor Cyberattacken auf EnergieversorgungDie BSI-Präsidentin Claudia Plattner fordert einen besseren IT-Schutz für die Energieversorgung in Deutschland. elxeneize – shutterstock.com Die Energieversorgung in Deutschland braucht aus Sicht der Präsidentin des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Cla…CSOONLINE.COM
26 May⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEsCyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to …THEHACKERNEWS.COM
26 MayKundendaten von Adidas gestohlenBei einem Cyberangriff auf einen Dienstleister sind Kundendaten von Adidas abgeflossen. Sergey Kohl – shutterstock.com Medienberichten zufolge sind Kundendaten von Adidas in die Hände eines Hackers gelangt. Demnach erfolgte der Zugriff über einen Dienstleister für den Kundenservi…CSOONLINE.COM
26 MayNova Scotia Power Suffers Ransomware Attack; 280,000 Customers’ Data CompromisedNova Scotia Power, the largest electricity provider in the province, confirmed on Friday, May 23, 2025, that it has been the victim of a sophisticated ransomware attack. The breach, first detected on April 25, was later traced back to March 19, when threat actors gained unauthori…GBHACKERS.COM
26 MaySuspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwordssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.websiteplanet.com/news/infostealer-breach-report/INFOSEC.PUB
26 May60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server DetailsA Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: bbbb335656, cdsfdfafd49Group2436437, and sdsds656565. First detected just eleven days ago, with …GBHACKERS.COM
26 MayHackers Reportedly Selling Over 500 Stolen Crypto Databases on Dark-Web ForumsA hackers has made news by allegedly selling a ZIP archive containing more than 500 compromised databases, which seems to be a serious blow to the cybersecurity of several cryptocurrency companies. This clandestine operation, taking place on dark-web forums, showcases the growing…GBHACKERS.COM
26 MaySVG Steganography, (Mon, May 26th)Didier recently published several diaries related to steganography. I have to admit that steganography isn&#;x26;#;39;t exactly my favorite topic. It is one of those "neat" infosec toys, but its applicability is limited. Data exfiltration usually does …ISC.SANS.EDU
🕵️ THREAT INTELLIGENCE 7[−]
26 MayOver 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive DataCybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and…GBHACKERS.COM
26 MayFBI Warns of Silent Ransom Group Targeting Law Firms via Scam Callssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/fbi-silent-ransom-group-law-firms-via-scam-calls/SH.ITJUST.WORKS
26 MayMultiple French govt institutions’ emails, passwords exposed, hackers claimsubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/french-government-email-data-leak/SH.ITJUST.WORKS
26 MayChatGPT Deep Research Now Integrates with Dropbox and OneDrive to Retrieve DataChatGPT has rolled out a beta feature called Deep Research Connectors, designed to integrate seamlessly with third-party applications such as Dropbox, Microsoft OneDrive, GitHub, Microsoft SharePoint, and Box. Announced this week, this feature enables users to access and analyze …GBHACKERS.COM
26 MayFBI Issues on Silent Ransom Group Using Fake IT Support Calls to Target VictimsThe Federal Bureau of Investigation (FBI) has issued a critical alert regarding the escalating activities of the cyber threat actor known as Silent Ransom Group (SRG), also identified under aliases such as Luna Moth, Chatty Spider, and UNC3753. Since emerging in 2022, SRG has gai…GBHACKERS.COM
26 MayKatz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login CredentialsKatz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and s…GBHACKERS.COM
26 MayChoosing Cybersecurity Is Like Choosing the Harp… Heavy, Loud & UnforgettableEver met a cybersecurity expert who picked their path like a harpist on a subway? 😂 In this hilarious behind-the-scenes moment, Doug White and Aaran Leyland joke about how some career choices—like cybersecurity or playing the harp—aren’t exactly the “easy to carry on a bus” kind.…YOUTUBE.COM
📡 INFOSEC NEWS 5[−]
26 MayOpenAI plans to ship an interesting ChatGPT product by 2026OpenAI is planning to ship a new ChatGPT-powered product by 2026, but we aren't looking at yet another model. [...]BLEEPINGCOMPUTER.COM
26 MayGoogle claims users find ads in AI search 'helpful'Google AI mode and AI Overviews now have ads, which, according to the search engine giant, are "helpful." [...]BLEEPINGCOMPUTER.COM
26 MayVote for the sessions you want to see at TechCrunch Disrupt 2025We were thrilled by the remarkable interest in speaking at TechCrunch Disrupt 2025, taking place October 27–29 at Moscone West in San Francisco. After an in-depth review process, we’ve selected 20 exceptional finalists—10 for breakout sessions and 10 for roundtables. Now, we’re p…TECHCRUNCH.COM
26 MayOver 70 Malicious npm and VS Code Packages Found Stealing Data and CryptoAs many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with…THEHACKERNEWS.COM
26 MayWhy Blindly Scaling Can Destroy Your Business – She Explains!She just dropped a truth bomb about why blindly scaling a business can lead to disaster! 🚨 Most companies think they need to grow non-stop, but what if that’s actually the wrong move? She explains why knowing when to scale is just as important as how to scale. Don’t let your busi…YOUTUBE.COM