unSafe.sh - Unsafe
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages
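A supply chain attack affects Gluestack packages on NPM: 16 popular packages were compromised, with more than 950K weekly downloads. Malicious code was injected into the lib/index.js file and has remote access trojan functionality. The attack is still ongoing; researchers warn users to watch for updates and note that the threat actor may be linked to other recent attacks....
2025-6-8 13:35:0 | Views: 13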
Security Affairs - securityaffairs.com
aikido
malicious
weekly
security
gluestack
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 48
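The article reports on the supply chain attack against Gluestack, affecting more than 950K weekly downloads, as well as a large-scale data leak, exploitation of Fortinet vulnerabilities, and attacks on Ukraine by Russia-linked threat actors....
2025-6-8 11:35:30 | Views: 32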
Security Affairs - securityaffairs.com
exploited
ransomware
security
affairs
Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION
The newsletter highlights significant cybersecurity incidents: a massive leak of 4 billion Chinese user records; ransomware targeting healthcare and energy sectors; malware developments like Qilin and Play ransomware; exploits in Fortinet and other software; state-sponsored attacks by groups like Russia's PathWiper and China's APT41; critical infrastructure targeting; and law enforcement actions against cybercrime....
2025-6-8 11:20:49 | Views: 23
Security Affairs - securityaffairs.com
exploited
ransomware
security
affairs
Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source
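Researchers discovered an unencrypted 631GB database exposing about 4 billion user records, mainly involving Chinese users and containing WeChat, Alipay and other personal information. It may have been used for surveillance or user profiling, and has become China's largest single-source data leak....
2025-6-7 17:22:19 | Views: 49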
Security Affairs - securityaffairs.com
cybernews
wechat
database
805
citizens
Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source
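Researchers discovered an unencrypted 631GB database exposing about 4 billion records of Chinese users, including WeChat, Alipay and other personal information. The data could be used for surveillance or fraud....
2025-6-7 17:22:19 | Views: 0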
Data Breach - securityaffairs.com
cybernews
database
wechat
residential
profiling
Attackers exploit Fortinet flaws to deploy Qilin ransomware
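Qilin ransomware carries out remote code execution attacks by exploiting Fortinet vulnerabilities such as CVE-2024-21762 and CVE-2024-55591, applies a double extortion strategy against multiple organizations, and may expand its global reach....
2025-6-6 22:9:16 | Views: 8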
Security Affairs - securityaffairs.com
ransomware
qilin
fortigate
lockbit
Russia-linked threat actors targets Ukraine with PathWiper wiper
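Russia-linked threat actors used the new malware PathWiper to attack critical infrastructure in Ukraine. The malware is deployed through a legitimate tool and scans for and overwrites critical data on all storage devices. Researchers note similarities with the past attack techniques of Russian APT groups....
2025-6-6 18:30:42 | Views: 8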
Security Affairs - securityaffairs.com
pathwiper
russia
wiper
ukraine
talos
U.S. Offers $10M bounty for info on RedLine malware creator and state hackers
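The United States is offering a $10 million reward for information on the RedLine malware and its developer Maxim Rudometov; the malware has been used in cyber attacks against U.S. critical infrastructure. Dutch police have taken down its infrastructure....
2025-6-6 11:12:23 | Views: 13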
Security Affairs - securityaffairs.com
redline
authorities
rudometov
eurojust
netherlands
Play ransomware group hit 900 organizations since 2022
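Play ransomware has attacked about 900 organizations since 2022, using a double extortion model that demands ransom by encrypting data and threatening to leak it. The gang uses stolen credentials, known vulnerabilities and new SimpleHelp vulnerabilities in its attacks, and has developed a variant targeting VMware ESXi to encrypt virtual machine files....
2025-6-6 07:22:22 | Views: 13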
Security Affairs - securityaffairs.com
ransomware
security
australian
900
acsc
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
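The U.S. cybersecurity agency CISA added the Google Chromium V8 out-of-bounds read and write vulnerability CVE-2025-5419 to its Known Exploited Vulnerabilities catalog. The vulnerability is being actively exploited, Google has released a patch to fix it, and federal agencies are required to complete remediation by June 26....
2025-6-5 21:3:56 | Views: 6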
Security Affairs - securityaffairs.com
exploited
catalog
chrome
5419
New versions of Chaos RAT target Windows and Linux systems
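New Chaos RAT variants are attacking Windows and Linux systems, disguised as network tools to trick users into downloading them. The malware is written in Golang, offers cross-platform compatibility and remote control capabilities, and was found to contain a serious vulnerability that can be abused....
2025-6-5 20:29:16 | Views: 11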
Security Affairs - securityaffairs.com
windows
attackers
remote
acronis
network
Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure
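Cisco fixed a critical vulnerability (CVE-2025-20286) in cloud deployments of Identity Services Engine (ISE), with a CVSS score of 9.9. The vulnerability affects deployments on AWS, Microsoft Azure and Oracle Cloud Infrastructure, and could allow an unauthenticated attacker to obtain sensitive data and cause disruption. The problem stems from identical credentials being generated for the same software version and cloud platform. Cisco has released fixed versions and recommends resetting the configuration to generate new credentials....
2025-6-5 08:31:27 | Views: 37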
Security Affairs - securityaffairs.com
cloud
ise
deployments
attacker
impacts
Law enforcement seized the carding marketplace BidenCash
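Law enforcement seized the cybercrime marketplace BidenCash, confiscating 145 of its domains and cryptocurrency funds. The platform had operated since March 2022, had more than 117,000 users, traded more than 15 million payment cards and earned $17 million in revenue. To promote its business it had given away 3.3 million stolen credit cards for free....
2025-6-5 05:51:23 | Views: 12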
Security Affairs - securityaffairs.com
bidencash
marketplace
carding
authorities
Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev
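Ukraine's military intelligence agency GUR broke into Russia's Tupolev company and stole 4.4GB of classified data, including internal communications, employee information and strategic bomber research and development material. The operation exposed nearly all of Tupolev's secrets and gave Ukraine key intelligence on Russian strategic aviation....
2025-6-4 20:3:53 | Views: 10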
Security Affairs - securityaffairs.com
tupolev
ukraine
russia
military
strategic
Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev
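Ukraine's military intelligence agency GUR broke into Russia's Tupolev company and stole 4.4GB of classified data, including internal communications, employee information and strategic bomber research and development details. The operation exposed nearly all of Tupolev's secrets and gave Ukraine key intelligence on Russian strategic aviation....
2025-6-4 20:3:53 | Views: 0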
Data Breach - securityaffairs.com
tupolev
ukraine
strategic
military
russia
HPE fixed multiple flaws in its StoreOnce software
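HPE fixed eight security vulnerabilities in its StoreOnce backup software, including remote code execution, authentication bypass and information disclosure issues. The most severe of them (CVE-2025-37093) has a CVSS score of 9.8 and affects all versions prior to 4.3.11....
2025-6-4 13:29:26 | Views: 47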
Security Affairs - securityaffairs.com
zdi
remote
hpe
storeonce
Roundcube Webmail under fire: critical exploit found after a decade
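A critical vulnerability (CVE-2025-49113) with a CVSS score of 9.9 was found in Roundcube Webmail, where it had existed for ten years. The vulnerability allows attackers to perform PHP object deserialization through an unvalidated URL parameter and execute code remotely. It affects more than 53 million hosts and tools such as cPanel. Fixed versions (1.6.11 and 1.5.10 LTS) have been released. Researchers recommend updating immediately to avoid risk....
2025-6-4 11:35:54 | Views: 18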
Security Affairs - securityaffairs.com
roundcube
webmail
49113
php
U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog
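The U.S. cybersecurity agency CISA added multiple Qualcomm chipset vulnerabilities to its Known Exploited Vulnerabilities catalog, including authorization errors and memory issues. The vulnerabilities have been exploited in limited attacks and patches have been released. CISA requires federal agencies to complete remediation by June 24....
2025-6-4 09:16:31 | Views: 18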
Security Affairs - securityaffairs.com
qualcomm
chipsets
exploited
catalog
Cartier disclosed a data breach following a cyber attack
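Cartier suffered a customer information leak due to a cyber attack, involving limited data such as names, email addresses and countries. The company has taken response measures and notified law enforcement; other luxury brands have also been attacked frequently in recent times....
2025-6-4 07:25:2 | Views: 0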
Data Breach - securityaffairs.com
cartier
luxury
fashion
goods
Cartier disclosed a data breach following a cyber attack
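Cartier suffered a data breach due to a cyber attack, exposing customer names, email addresses and country information. The company has notified law enforcement and strengthened system protection. Luxury brands have been frequently hit by cyberattacks recently....
2025-6-4 07:25:2 | Views: 21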
Security Affairs - securityaffairs.com
cartier
luxury
goods