How an Attacker Drained $50M from a DeFi Protocol Through Role Escalation 这篇文章描述了2月24日针对DeFi协议Infini的一次复杂攻击，导致约5000万美元USDC被盗。攻击者利用被泄露的私钥操控访问控制，并逐步执行交易转移资金。事件后，Infini提出返还部分资金作为奖励。该事件强调了私钥安全、权限分离和监控的重要性。... 2025-2-25 19:20:48 | 阅读: 6 | 收藏 | 0day Fans - research.checkpoint.com attacker security funds withdrawal usdc

Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign 这篇文章描述了一个利用Truesight.sys驱动程序旧版本漏洞的大规模网络攻击活动。攻击者生成了超过2500个变种以绕过检测，并通过钓鱼手段传播恶意软件，主要针对中国及其他亚洲地区用户。最终阶段使用Gh0st RAT远程控制被感染设备。微软已更新安全机制以应对此威胁。... 2025-2-24 14:21:55 | 阅读: 14 | 收藏 | 0day Fans - research.checkpoint.com truesight aliyuncs beijing stage microsoft

The Bybit Incident: When Research Meets Reality Bybit冷钱包遭黑客攻击，损失约15亿美元数字资产。攻击者利用社会工程学和UI操控技术绕过多重签名保护，显示传统安全措施的局限性。... 2025-2-23 16:18:5 | 阅读: 7 | 收藏 | 0day Fans - research.checkpoint.com multisig attacker bybit signers cold

The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions 文章探讨了利用沙盒解决方案中的人机交互模块的统计异常来规避检测的方法，并提出了一种模拟更接近真实人类行为的鼠标移动算法。该算法通过随机游走、高斯分布和路径生成等技术，使模拟的鼠标行为更难被沙盒检测系统识别。... 2025-2-20 14:58:26 | 阅读: 9 | 收藏 | 0day Fans - research.checkpoint.com mouse coor leq psi scr

FunkSec – Alleged Top Ransomware Group Powered by AI Key PointsThe FunkSec ransomware group emerged in late 2024 and published over 85 victi... 2025-1-10 12:0:6 | 阅读: 6 | 收藏 | 0day Fans - research.checkpoint.com funksec ransomware farado desertstorm analysis

Banshee: The Stealer That “Stole Code” From MacOS XProtect Research by: Antonis Terefos (@Tera0017)Since September, Check Point Research has b... 2025-1-9 14:7:12 | 阅读: 10 | 收藏 | 0day Fans - research.checkpoint.com banshee stealer malicious windows

SELECT code_execution FROM * USING SQLite; - Check Point Research August 10, 2019Gaining code execution using a malicious SQL... 2019-08-12 14:17:27 | 阅读: 51 | 收藏 | research.checkpoint.com database tokenizer memory ddl malicious