unSafe.sh - Not Safe
Who are the Top Ransomware Threat Actors of H1 2025
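Ransomware surged in the first half of 2025, with three threat actors, CL0P, Akira and Qilin, dominating more than a thousand attacks worldwide. CL0P specializes in zero-day exploitation, Akira targets manufacturing and critical sectors, and Qilin has expanded rapidly through its RaaS model. New threat actors such as Dire Wolf have also emerged, and data theft has become the primary tactic. Ransomware is developing into an ecosystem, and enterprises need to strengthen proactive defense. ...
2025-8-8 07:0:43 | Views: 13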
Over Security - Cybersecurity news aggregator - cyble.com
ransomware
cl0p
qilin
akira
cyble
A Region-Wise Breakdown of Cyber Threats: What H1 2025 Data Reveals
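Global cybersecurity threats intensified in the first half of 2025, with ransomware attacks targeting vulnerable sectors in the United States, the United Kingdom, Asia-Pacific, and the Middle East and Africa, showing a trend toward regionalization and precise targeting. ...
2025-8-6 10:45:44 | Views: 18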
Over Security - Cybersecurity news aggregator - cyble.com
regional
ransomware
regions
security
sectors
Scattered Spider Intensifies Cyber Onslaught with New Tactics and Ransomware Deployment
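The Scattered Spider cybercrime group has escalated its activity, using ransomware, social engineering and identity theft to attack critical infrastructure worldwide. Its latest operations include deploying DragonForce ransomware to encrypt enterprise systems and stealing data through cloud services. The group excels at social engineering and identity hijacking, and operates covertly using a variety of malware and legitimate tools, posing a serious threat to businesses and critical sectors. ...
2025-8-4 11:30:47 | Views: 22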
Over Security - Cybersecurity news aggregator - cyble.com
scattered
spider
ransomware
remote
encryption
The Week in Vulnerabilities: 1 in 5 New Vulnerabilities Exploited Quickly
The wide range of vulnerabilities highlighted this week reveals the constant pressure security team...
2025-8-1 08:1:35 | Views: 43
Over Security - Cybersecurity news aggregator - cyble.com
cyble
remote
attacker
security
Maritime Sector Faces Surge in APT and Hacktivist Cyber Threats
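The maritime transport industry has become a major target of cyberattacks. The article analyzes threat actors such as APT groups and ransomware gangs and their attack activity, and discusses the impact of critical vulnerabilities such as CVE-2025 on ships and ports. Recommendations include security measures such as network isolation architecture and hardware encryption. ...
2025-7-29 09:31:10 | Views: 32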
Over Security - Cybersecurity news aggregator - cyble.com
maritime
allegedly
ship
security
logistics
RedHook: A New Android Banking Trojan Targeting Users in Vietnam
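RedHook is a new Android banking trojan that targets users in Vietnam through phishing sites impersonating government and financial institution websites. It communicates over WebSocket, supports 34 remote commands, and carries Chinese-language code artifacts. Its detection rate is currently low, and it poses a threat in the region. ...
2025-7-28 17:46:12 | Views: 16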
Over Security - Cybersecurity news aggregator - cyble.com
redhook
phishing
victim
trojan
mailisa
The Week in Vulnerabilities: Time to Exploit Continues to Fall
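More than 900 new vulnerabilities were disclosed in the past week, nearly 200 of which already have public PoCs. They span IT and industrial control systems and include high-severity issues such as SharePoint remote code execution and a Chrome zero-day; security teams need to respond quickly to keep up with the shrinking gap between disclosure and exploitation. ...
2025-7-25 13:16:3 | Views: 49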
Over Security - Cybersecurity news aggregator - cyble.com
cyble
attackers
remote
netscaler
UK Identifies Russian GRU’s “AUTHENTIC ANTICS” Malware in Email Espionage Campaign
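The UK has attributed the malware named "AUTHENTIC ANTICS" to Russia's military intelligence service (GRU) and sanctioned the units and individuals involved. The malware has been used in cyber-espionage and hybrid-warfare operations targeting Microsoft cloud email accounts. Its techniques include stealing credentials through fake login windows, silently forwarding email, and hiding its traces. The UK stressed the need to strengthen cybersecurity defenses against such threats. ...
2025-7-22 12:31:21 | Views: 14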
Over Security - Cybersecurity news aggregator - cyble.com
authentic
antics
gru
microsoft
ncsc
Australian Cyber Security Centre Warns of an Active Exploit Taking Advantage of Microsoft SharePoint Vulnerability CVE-2025-53770
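The Australian Cyber Security Centre warns that CVE-2025-53770, a vulnerability affecting on-premises Microsoft SharePoint servers, is being actively exploited and can lead to remote code execution. It recommends installing security updates immediately and taking protective measures to mitigate the risk. ...
2025-7-22 05:16:8 | Views: 21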
Over Security - Cybersecurity news aggregator - cyble.com
microsoft
security
53770
premises
acsc
CSA Issues Alert on Critical VMware Vulnerabilities: Patch Now, Experts Warn
The Cyber Security Agency of Singapore warns that multiple critical VMware vulnerabilities could lead to code execution and data leakage. ...
2025-7-18 14:46:6 | Views: 25
Over Security - Cybersecurity news aggregator - cyble.com
41237
broadcom
fusion
workstation
Scanception: A QRiosity-Driven Phishing Campaign
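Cyble analyzed an ongoing phishing campaign named "Scanception" that uses QR codes in PDFs to bypass security measures, steal credentials and evade detection. The attack begins with emails disguised as legitimate corporate communications; the PDF contains multiple pages of content and a QR code linking to a malicious website. The campaign uses trusted services and open redirectors to hide malicious content, and employs multi-stage techniques to steal credentials and bypass MFA. It mainly targets the technology, healthcare, manufacturing and financial sectors and operates worldwide. ...
2025-7-17 15:31:14 | Views: 19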
Over Security - Cybersecurity news aggregator - cyble.com
phishing
scanception
security
qr
analysis
Australia Strengthens Cybersecurity for Critical Infrastructure with Adoption of AS IEC 62443 Standards
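Australia has adopted the AS IEC 62443 standards to protect OT systems in critical infrastructure, address cyber threats, and align with its national cybersecurity strategy. ...
2025-7-15 13:1:31 | Views: 17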
Over Security - Cybersecurity news aggregator - cyble.com
iec
62443
australia
operational
The Week in Vulnerabilities: Cyble’s Weekly Cyber Threat Report Reveals New Flaws IT and IoT Ecosystems
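Cyble researchers identified new vulnerabilities through global honeypot sensors and observed a surge in attacks against IoT devices and enterprise infrastructure. Malware such as Mirai is active; defensive recommendations include timely patching, stronger network monitoring, and implementing zero-trust policies. ...
2025-7-14 13:1:35 | Views: 25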
Over Security - Cybersecurity news aggregator - cyble.com
attackers
injection
cyble
network
Hacktivist Attacks on Critical Infrastructure Grow as New Groups Emerge
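Hacktivists are shifting their targets from traditional DDoS and website defacement to industrial control systems (ICS) in critical infrastructure. Russia-linked groups such as Z-Pentest, Dark Engine and Sector 16 launched a large number of attacks against critical sectors such as energy and manufacturing in the second quarter of 2025. Meanwhile, new hacktivist groups such as Dark Engine and BL4CK CYB3R are also on the rise, and their activity is often tied to regional conflicts. ...
2025-7-11 05:1:34 | Views: 40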
Over Security - Cybersecurity news aggregator - cyble.com
hacktivist
quarter
sectors
strategic
russia
Ongoing Phishing Campaign Utilizes LogoKit for Credential Harvesting
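The article describes a phishing campaign targeting Hungary's CERT and other organizations, in which the attackers host phishing pages on Amazon S3 and integrate Cloudflare Turnstile to appear more credible. The phishing links pre-fill the victim's email address and use the LogoKit kit to fetch the targeted brand's logo and favicon in real time. The attackers collect credentials via mettcoint.com and continue to target banks, logistics firms and other organizations worldwide. ...
2025-7-7 11:1:5 | Views: 26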
Over Security - Cybersecurity news aggregator - cyble.com
phishing
mettcoint
cyble
victim
favicon
Phishing, Pivots, and Persistence: A Look into Japan’s Q1 2025 Cyber Threat Landscape
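Japan's JPCERT/CC report for the first quarter of 2025 points to a surge in cyberattacks: phishing accounted for 87%, website compromises rose 75%, and supply-chain vulnerabilities were exploited. It shows that cyber threats are becoming increasingly sophisticated and targeted, and that defenses need to be strengthened. ...
2025-7-7 09:1:14 | Views: 22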
Over Security - Cybersecurity news aggregator - cyble.com
phishing
jpcert
quarter
ivanti
attackers
The Week in Vulnerabilities: High-Risk IT and ICS Flaws Flagged by Cyble
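This week Cyble investigated dozens of high-risk IT and ICS vulnerabilities, including a Google Chrome zero-day, a Cisco RCE, and critical flaws in UPS systems. An Apple iOS zero-day exploit was found in active dark web discussions. Enterprises are advised to prioritize remediation and strengthen layered security defenses to counter these threats. ...
2025-7-4 13:1:26 | Views: 23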
Over Security - Cybersecurity news aggregator - cyble.com
cyble
remote
security
attackers
Top Ransomware Groups June 2025: Qilin Reclaims Top Spot
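In June, the Qilin ransomware gang was once again the top group, with 86 victims. Its rise may have benefited from RansomHub going offline in April after being taken over by DragonForce. Although preliminary data show the overall victim count stabilizing, Qilin continues to dominate the market with its sophisticated RaaS offering and attacks on high-value sectors. ...
2025-7-1 10:31:9 | Views: 17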
Over Security - Cybersecurity news aggregator - cyble.com
ransomware
qilin
affiliates
dls
claimed
The Week in Vulnerabilities: Citrix NetScaler Fixes Urged by Cyble
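Cyble researchers identified multiple high-risk IT vulnerabilities and zero-day threats, including CitrixBleed 2, a Cisco IOS XE vulnerability, and a WebDAV remote code execution discussed on underground forums. These vulnerabilities could be used to steal sensitive data or take control of critical systems. Security experts recommend strengthening risk management, adopting zero-trust principles, and improving defenses to counter the threats. ...
2025-6-30 05:31:9 | Views: 20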
Over Security - Cybersecurity news aggregator - cyble.com
cyble
netscaler
attackers
forums
Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings
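The United States has become a hacker target because of its involvement in the Israel-Iran conflict, with multiple pro-Iran hacker groups launching DDoS attacks and other cyber threats against U.S. government, military and financial institutions. ...
2025-6-24 11:35:12 | Views: 16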
Over Security - Cybersecurity news aggregator - cyble.com
hacktivist
claimed
iran
iranian
israel