CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 美国网络安全机构CISA新增四个高危安全漏洞至其目录中，涉及Apache OFBiz、Microsoft .NET Framework和Paessler PRTG Network Monitor等软件。这些漏洞已被修复，但尚未有实际攻击报告。相关机构需于2025年2月前完成补丁应用以应对威胁。... 2025-2-5 05:5:0 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com prtg attacker remote security privileges

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access 这篇文章讨论了针对Go生态系统的软件供应链攻击，其中恶意软件包利用缓存机制分发后门程序以获取远程访问权限。此外，还提到了三个恶意npm包用于收集系统数据和执行远程命令。... 2025-2-4 14:16:0 | 阅读: 1 | 收藏 | The Hacker News - thehackernews.com malicious github boltdb remote repository

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections Vulnerability / Cyber EspionageA recently patched security vulnerability in the 7-Zip archiver to... 2025-2-4 12:28:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com 0411 motw phishing girnus microsoft

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS The North Korean threat actors behind the Contagious Interview campaign have been observed deliveri... 2025-2-4 12:11:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com security ferret suggests north library

Watch Out For These 8 Cloud Security Shifts in 2025 Threat Detection / Cloud SecurityAs cloud security evolves in 2025 and beyond, organizations must... 2025-2-4 11:0:0 | 阅读: 2 | 收藏 | The Hacker News - thehackernews.com security cloud innovation unified operational

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek... 2025-2-4 09:32:0 | 阅读: 3 | 收藏 | The Hacker News - thehackernews.com deepseek security chatbot malicious jailbreak

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access Vulnerability / Hardware SecurityA security vulnerability has been disclosed in AMD's Secure Encry... 2025-2-4 08:58:0 | 阅读: 6 | 收藏 | The Hacker News - thehackernews.com security microcode sev snp hypervisor

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score Vulnerability / Cloud SecurityMicrosoft has released patches to address two Critical-rated securit... 2025-2-4 05:8:0 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com microsoft privileges 21415 security

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 Vulnerability / Mobile SecurityGoogle has shipped patches to address 47 security flaws in its And... 2025-2-4 04:51:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com security uvc corruption noting memory

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform Vulnerability / SharePointCybersecurity researchers have disclosed details of a now-patched vulner... 2025-2-4 04:29:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com attacker copilot security microsoft zenity

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 Vulnerability / Network SecurityAs many as 768 vulnerabilities with designated CVE identifiers wer... 2025-2-3 13:57:0 | 阅读: 7 | 收藏 | The Hacker News - thehackernews.com exploited cves vulncheck security

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages Open Source / Software SecurityThe maintainers of the Python Package Index (PyPI) registry have an... 2025-2-3 12:30:0 | 阅读: 12 | 收藏 | The Hacker News - thehackernews.com pypi security developers maintainers python

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February] This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI to... 2025-2-3 11:59:0 | 阅读: 2 | 收藏 | The Hacker News - thehackernews.com security chrome malicious software victim

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions Financial Security / MalwareBrazilian Windows users are the target of a campaign that delivers a b... 2025-2-3 11:39:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com coyote powershell malicious trojan windows

What Is Attack Surface Management? Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to kno... 2025-2-3 11:0:0 | 阅读: 0 | 收藏 | The Hacker News - thehackernews.com intruder cloud security asset

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social med... 2025-2-3 05:30:0 | 阅读: 8 | 收藏 | The Hacker News - thehackernews.com stealer crazy amos malicious guise

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network Cybercrime / Fraud PreventionU.S. and Dutch law enforcement agencies have announced that they have... 2025-2-1 08:14:0 | 阅读: 7 | 收藏 | The Hacker News - thehackernews.com criminal phishing saim schemes

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that ta... 2025-2-1 06:40:0 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com remote beyondtrust asset 12356 12686

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to targ... 2025-2-1 05:29:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com spyware paragon threats graphite guardian

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts Malvertising / Mobile SecurityCybersecurity researchers have discovered a malvertising campaign th... 2025-2-1 03:22:0 | 阅读: 7 | 收藏 | The Hacker News - thehackernews.com phishing malicious usps microsoft security