Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
2025-8-25 11:50:0 | Reads: 16
The Hacker News - thehackernews.com
security
failures
threats
behaviors
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
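The APT group Transparent Tribe is attacking Indian government agencies with malicious desktop shortcuts delivered through spear-phishing emails, affecting Windows and Linux systems, establishing persistent access and stealing data. ...
2025-8-25 08:13:0 | Reads: 14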
The Hacker News - thehackernews.com
phishing
tribe
indian
spear
cyfirma
Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
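Researchers found a malicious Go module disguised as an SSH brute-force tool that is actually used to steal user credentials and send them to the attacker via Telegram. The module disables host key verification and brute-forces with a simple password list. The attacker is from Russia and distributes other malware through GitHub and YouTube. ...
2025-8-24 13:38:0 | Reads: 15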
The Hacker News - thehackernews.com
ssh
security
g3tt
disables
c2
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets
2025-8-23 07:38:0 | Reads: 37
The Hacker News - thehackernews.com
malicious
security
gayfemboy
bandwidth
income
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
2025-8-22 14:31:0 | Reads: 17
The Hacker News - thehackernews.com
trellix
vshell
security
ringreaper
analysis
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
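The article reveals that three China-linked cyber espionage groups, Murky Panda, Genesis Panda and Glacial Panda, are exploiting zero-day vulnerabilities in cloud services to carry out attacks. These groups gather intelligence by breaching enterprise networks, abusing trusted relationships and using lateral movement techniques. ...
2025-8-22 11:6:0 | Reads: 18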
The Hacker News - thehackernews.com
panda
cloud
murky
crowdstrike
INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown
2025-8-22 11:5:0 | Reads: 13
The Hacker News - thehackernews.com
interpol
arrested
authorities
african
illicit
Automation Is Redefining Pentest Delivery
2025-8-22 10:30:0 | Reads: 19
The Hacker News - thehackernews.com
workflows
security
automating
lifecycle
Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware
2025-8-22 06:4:0 | Reads: 29
The Hacker News - thehackernews.com
lu
employer
defendant
justice
dollars
Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
2025-8-21 16:38:0 | Reads: 14
The Hacker News - thehackernews.com
remote
security
commvault
attackers
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
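Threat actors use fake CAPTCHA pages to trick users into running malicious PowerShell scripts, deploying the CORNFLAKE.V3 backdoor to steal system information and distribute additional payloads. The attack chain also involves USB-propagated malware and cryptocurrency mining activity. ...
2025-8-21 16:25:0 | Reads: 9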
The Hacker News - thehackernews.com
cornflake
windows
mandiant
drives
powershell
Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
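The article describes a new malware loader named QuirkyLoader, which has spread multiple malware families through spam email since November 2024. The loader uses DLL side-loading and process hollowing to inject malicious code, and carries out phishing attacks against specific targets. New QR code phishing techniques and the PoisonSeed threat activity are also worth noting. ...
2025-8-21 10:41:0 | Reads: 11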
The Hacker News - thehackernews.com
phishing
malicious
security
loader
qr
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
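The Picus Blue Report 2025 shows that the success rate of password-cracking attacks rose significantly to 46%, reflecting major gaps in organizations' password policies and authentication. Despite awareness of the threat, weak passwords, outdated algorithms and the lack of multi-factor authentication remain the main problems. Attackers use valid credentials to penetrate systems easily, underscoring the urgent need to strengthen identity security and credential management. ...
2025-8-21 10:30:0 | Reads: 16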
The Hacker News - thehackernews.com
cracking
security
defenses
attackers
picus
Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft
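A 20-year-old member of the cybercrime group Scattered Spider was sentenced to 10 years in prison and ordered to pay $13 million in restitution for taking part in multiple hacks and cryptocurrency thefts. The group stole digital assets through SIM swapping attacks and social engineering, and cooperated with other threat groups to expand its influence. ...
2025-8-21 06:45:0 | Reads: 11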
The Hacker News - thehackernews.com
urban
scattered
spider
security
prison
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
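Apple fixed a zero-day vulnerability (CVE-2025-43300) in the ImageIO framework that can cause memory corruption and was used in sophisticated attacks against specific targets. Updates for iOS, iPadOS and macOS have been released to fix the issue, and the article notes that this is the seventh exploited zero-day fixed this year. ...
2025-8-21 04:47:0 | Reads: 33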
The Hacker News - thehackernews.com
inch
security
macs
3rd
sonoma
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
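Popular browser password manager extensions have a DOM-based clickjacking vulnerability that can lead to theft of account credentials, 2FA codes and credit card information. Independent researcher Marek Tóth discovered the issue and presented it at DEF CON. An attacker can use a malicious script to hide UI elements injected by the extension and lure the user into clicking in order to steal data. Eleven popular password managers are currently affected, and some vendors have not yet fixed the vulnerability. Users are advised to disable autofill and manually control extension settings to reduce risk. ...
2025-8-20 17:54:0 | Reads: 8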
The Hacker News - thehackernews.com
security
tóth
passwords
attacker
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
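The Russia-backed cyber espionage group Static Tundra is exploiting the seven-year-old Cisco software vulnerability CVE-2018-0171 to attack key industries worldwide, particularly targeting Ukraine and its allies. The group uses the vulnerability to obtain device configuration information and establish persistent access, while using the SNMP protocol and custom tools such as SYNful Knock for data theft and defense evasion. Cisco advises users to patch the vulnerability or disable the Smart Install feature to counter the threat. ...
2025-8-20 15:59:0 | Reads: 9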
The Hacker News - thehackernews.com
tundra
network
talos
0171
security
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
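Researchers demonstrated a new prompt injection technique called PromptFix, which uses a fake CAPTCHA with malicious instructions embedded in a web page to trick generative AI models into performing harmful actions, causing them to automatically visit phishing sites or make purchases at fake stores. ...
2025-8-20 13:1:0 | Reads: 16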
The Hacker News - thehackernews.com
phishing
lovable
comet
guardio
promptfix
From Impact to Action: Turning BIA Insights Into Resilient Recovery
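Modern enterprises face an increasingly complex threat landscape and need business continuity and disaster recovery (BCDR) strategies to manage risk. Business impact analysis (BIA) is the foundation of effective BCDR, helping enterprises identify critical functions and assess the impact of disruption. IT leaders play a key role in BIA, ensuring that recovery plans are executable. Datto provides a unified platform supporting backup, disaster recovery and automated recovery workflows to help enterprises improve resilience. ...
2025-8-20 10:30:0 | Reads: 18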
The Hacker News - thehackernews.com
bia
datto
downtime
bcdr
operational
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
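The North Korean hacking group Kimsuky is conducting a cyber espionage campaign against South Korean diplomatic institutions through spear-phishing emails, using GitHub and cloud storage to distribute the Xeno RAT malware. The emails impersonate trusted contacts and contain forged official documents and event invitations. The timing of the attack activity matches China's time zone, and it paused for three days during the May Day holiday. ...
2025-8-20 09:18:0 | Reads: 16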
The Hacker News - thehackernews.com
korean
north
trellix
diplomatic
phishing