CrowdStrike npm Packages Hit by Supply Chain Attack
A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.” Developers…
Category: GBHackers
Las Vegas, United States, September 16th, 2025, CyberNewsWire
Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination…
APT28 Exploits Signal Messenger to Deploy eardShell and Covenant Malware
Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell…
LG WebOS TV Vulnerability Enables Full Device Takeover by Bypassing Authentication
A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms.…
Windows Users Hit by VenomRAT in AI-Driven RevengeHotels Attack
RevengeHotels, also known as TA558, has escalated its long-standing cybercrime campaign by incorporating artificial intelligence into its infection chains, deploying the potent VenomRAT malware against…
The Hidden Risks of Backdoor Injections
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these…
New Persistence Technique Attackers Use to Hide in AWS Cloud Environments
As more companies move their critical systems and data to Amazon Web Services (AWS), attackers are finding new ways to stay hidden inside cloud environments.…
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login
A critical vulnerability in the Case Theme User plugin for WordPress allows unauthenticated attackers to hijack any account on vulnerable sites, including administrative accounts, by…
Threat Actors Exploit MCP Servers to Steal Sensitive Data
Unvetted Model Context Protocol (MCP) servers introduce a stealthy supply chain attack vector, enabling adversaries to harvest credentials, configuration files, and other secrets without deploying…
Spring Framework Security Flaws Allow Authorization Bypass and Annotation Detection Issues
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection…
New Phoenix Rowhammer Attack Bypasses DDR5 Chip Protections
A new variation of the Rowhammer attack, named Phoenix, breaks through the built-in defenses of modern DDR5 memory modules. Researchers reverse-engineered the in-DRAM protections on SK…
AISURU Botnet Fuels Record-Breaking 11.5 Tbps DDoS Attack With 300,000 Hijacked Routers
The newly identified AISURU botnet, leveraging an estimated 300,000 compromised routers worldwide, has been pinpointed as the force behind a record-shattering 11.5 Tbps distributed denial-of-service…