HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks read file error: read notes: is a directory... 2025-9-15 05:47:0 | 阅读: 17 | 收藏 | The Hacker News - thehackernews.com software kkrat network security malicious

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks read file error: read notes: is a directory... 2025-9-13 09:4:0 | 阅读: 9 | 收藏 | The Hacker News - thehackernews.com unc6040 drift salesforce extortion scattered

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks read file error: read notes: is a directory... 2025-9-12 15:16:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com security samsung exploited quram

Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms read file error: read notes: is a directory... 2025-9-12 14:49:0 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com spyware investors israel italy notified

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit 研究人员发现了一种名为HybridPetya的新勒索软件，其功能类似于Petya/NotPetya，并能通过利用CVE-2024-7344漏洞绕过UEFI Secure Boot机制。该恶意软件通过加密主文件表并部署恶意EFI应用进行攻击。微软已修补相关漏洞。HybridPetya允许攻击者从受害者安装密钥中重建解密密钥。目前尚未发现其在野外使用。... 2025-9-12 11:50:0 | 阅读: 46 | 收藏 | The Hacker News - thehackernews.com efi bootkit hybridpetya microsoft victim

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning read file error: read notes: is a directory... 2025-9-12 11:3:0 | 阅读: 45 | 收藏 | The Hacker News - thehackernews.com apriso zapchast dassault catalog

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage 云原生技术（容器、Kubernetes、无服务器）改变了企业应用交付方式，但也扩大了攻击面。传统安全模型难以应对复杂环境中的实时威胁。CNAPP（云原生应用保护平台）通过整合可见性、合规性和检测能力，并结合运行时洞察和AI驱动的优先级排序，帮助企业聚焦真实风险并简化响应流程。... 2025-9-12 08:0:0 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com security cloud sysdig noise

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories read file error: read notes: is a directory... 2025-9-12 04:49:0 | 阅读: 12 | 收藏 | The Hacker News - thehackernews.com security claude malicious injection attacker

Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity read file error: read notes: is a directory... 2025-9-11 15:3:0 | 阅读: 9 | 收藏 | The Hacker News - thehackernews.com c2pa security provenance hardware chip

Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence read file error: read notes: is a directory... 2025-9-11 14:51:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com microsoft encryption windows wyden security

Cracking the Boardroom Code: Helping CISOs Speak the Language of Business read file error: read notes: is a directory... 2025-9-11 10:33:0 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com cisos security boards directors

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers Akira勒索软件团伙继续针对 SonicWall 设备发起攻击，利用 SSL VPN 中的安全漏洞 CVE-2024-40766 和 LDAP 配置问题获取初始访问权限。攻击者通过暴力破解用户凭证或绕过访问控制进入网络，进而部署勒索软件。SonicWall 和 Rapid7 建议用户启用 Botnet 过滤、MFA 策略并限制虚拟办公室访问以降低风险。... 2025-9-11 10:33:0 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com ransomware akira network security adaptixc2

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts 网络犯罪分子利用恶意广告分发虚假浏览器扩展（如SocialMetrics Pro和Madgicx Plus），窃取用户数据（包括cookie、IP地址），并通过Telegram bot发送给攻击者。这些数据被用于非法获取Meta Business和广告账户，并在地下论坛出售或用于更多恶意广告活动。... 2025-9-11 09:5:0 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com facebook malicious advertisers installs

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto read file error: read notes: is a directory... 2025-9-11 06:2:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com remote powershell levelblue

Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems read file error: read notes: is a directory... 2025-9-10 15:46:0 | 阅读: 7 | 收藏 | The Hacker News - thehackernews.com malicious c2 philippines eggstreme

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems 研究人员发现两种新恶意软件：CHILLYHELL（针对macOS的后门）和ZynorRAT（基于Go的远程访问木马）。CHILLYHELL由UNC4487组织开发，用于间谍活动；ZynorRAT通过Telegram控制Windows和Linux系统。... 2025-9-10 13:4:0 | 阅读: 4 | 收藏 | The Hacker News - thehackernews.com chillyhell zynorrat c2 windows rizzo

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs 微软在8月的补丁星期二更新中修复了80个安全漏洞，包括8个关键级别和72个重要级别的问题。其中涉及权限提升、远程代码执行等类型的安全风险。值得注意的是CVE-2025-55234（CVSS评分8.8）是一个公开已知的Windows SMB权限提升漏洞。此外还修复了Azure Networking中的一个CVSS评分10.0的严重漏洞以及其他多个高危问题。... 2025-9-10 11:14:0 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com bitlocker security microsoft attacker

Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety 苹果推出新安全功能Memory Integrity Enforcement (MIE)，应用于iPhone 17和Air等新机型。该功能通过增强型内存标签扩展(EMTE)和标签保密性强制(TCE)技术，在不牺牲性能的前提下提供持续的内存安全保护，防止恶意攻击者利用内存腐败漏洞进行定向攻击。... 2025-9-10 10:21:0 | 阅读: 36 | 收藏 | The Hacker News - thehackernews.com memory mte tagged security mie

China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations read file error: read notes: is a directory... 2025-9-10 09:53:0 | 阅读: 7 | 收藏 | The Hacker News - thehackernews.com committee moolenaar espionage ccp attackers

The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services 文章探讨了MSP和MSSP在网络安全与合规管理中的挑战，指出手动流程导致效率低下。通过自动化技术如AI驱动的平台，可简化重复任务、提高一致性并释放资源，从而提升服务交付能力与客户满意度。... 2025-9-10 09:25:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com client onboarding assessments vciso