WhatsApp adds new security feature to protect against scams WhatsApp推出新安全功能，帮助用户识别潜在诈骗。当被陌生人拉入群聊时，系统会显示“安全概览”卡片，提供群组信息和防骗提示。用户可选择退出或查看聊天内容，并可静音群通知。此外，WhatsApp还禁用了680万个涉嫌诈骗的账户，并与OpenAI合作打击柬埔寨诈骗团伙。... 2025-8-6 11:0:19 | 阅读: 7 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com centers pyramid dismantle chats spot

Trend Micro warns of Apex One zero-day exploited in attacks Trend Micro警告客户立即修复其Apex One平台中的远程代码执行漏洞（涉及CVE-2025-54948和CVE-2025-54987），该漏洞允许未认证攻击者远程执行代码。尽管尚未发布补丁，但已提供缓解工具以应对当前威胁。日本CERT也发出警告，敦促用户尽快采取措施。修复计划定于2025年8月中旬完成。... 2025-8-6 10:15:20 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com apex security remote exploited

Microsoft pays record $17 million in bounties over the last 12 months 微软今年通过漏洞赏金计划向来自59个国家的344名安全研究人员支付创纪录的1700万美元，用于修复Azure、Office 365等产品的1469个漏洞。微软扩大了赏金范围并提高了奖励金额，还在黑客竞赛中提供高达500万美元的奖金。... 2025-8-6 09:30:18 | 阅读: 8 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft defender security awards

Pandora confirms data breach amid ongoing Salesforce data theft attacks 丹麦珠宝品牌Pandora遭遇数据泄露事件, 客户姓名, 生日及邮箱被窃取. 此次攻击源于第三方平台上 Salesforce 数据库遭入侵, 导致多个知名品牌受影响. Salesforce 建议启用多因素认证等安全措施以应对此类威胁.... 2025-8-5 22:30:18 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com salesforce pandora security phishing database

PBS confirms data breach after employee info leaked on Discord servers PBS遭遇数据泄露事件，员工及附属机构联系信息被曝光于Discord服务器上。该平台用户多为年轻群体，出于好奇或寻求关注分享数据。泄露信息包括姓名、邮箱等细节，来自内部系统。尽管未发现恶意用途迹象，但潜在风险仍存。... 2025-8-5 21:15:19 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com pbs curiosity favorite young fans

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released Adobe修复了Adobe Experience Manager Forms on JEE的两个零日漏洞（CVE-2025-54253和CVE-2025-54254），分别涉及配置错误导致任意代码执行及XXE漏洞读取文件系统。这些高危漏洞允许远程代码执行，建议管理员尽快更新或限制访问以防范攻击。... 2025-8-5 19:15:18 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com remote 54254 54253 49533 attackers

CTM360 spots Malicious ‘FraudOnTok’ Campaign Targeting TikTok Shop users CTM360发现名为“FraudOnTok”的全球恶意软件活动，通过伪造TikTok商店传播SparkKitty间谍软件，窃取加密货币钱包并盗取资金。该活动结合钓鱼和恶意软件技术，在用户支付时收集敏感信息。... 2025-8-5 18:30:20 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ctm360 fraudontok shop spyware sparkkitty

The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025 2025年夏季网络安全事件频发，医疗、零售和保险行业遭受勒索软件、数据泄露和钓鱼攻击。Interlock、Rhysida和Qilin等勒索团伙活跃，Scattered Spider利用社会工程入侵零售商并转向保险业。国家级网络活动加剧地缘政治紧张局势。关键漏洞如Microsoft SharePoint零日漏洞被广泛利用。安全团队需加强补丁管理、身份验证和人员培训以应对威胁。... 2025-8-5 14:30:18 | 阅读: 37 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ransomware security insurance summer healthcare

SonicWall urges admins to disable SSLVPN amid rising attacks SonicWall警告客户关闭SSLVPN服务以防止勒索软件利用未知漏洞入侵网络。Arctic Wolf和Huntress确认了零日漏洞的使用，并建议禁用SSLVPN、限制访问、启用安全服务、强制MFA等措施。此外，SonicWall还警告了另一个关键漏洞CVE-2025-40599。... 2025-8-5 11:30:21 | 阅读: 19 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com arctic wolf exploited huntress ransomware

Android gets patches for Qualcomm flaws exploited in attacks Google修复了Android系统中的六个安全漏洞，包括两个被利用的高通问题（CVE-2025-21479和CVE-2025-27038），这些问题可能导致内存损坏或远程代码执行。Pixel设备已更新，其他设备可能延迟。... 2025-8-5 10:45:19 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security exploited 27038 graphics

Microsoft increases Zero Day Quest prize pool to $5 million 微软举办Zero Day Quest黑客竞赛，奖金池增至500万美元，聚焦云与AI安全。竞赛于2025年8月至10月进行，参与者可获高额奖励，并有机会受邀参加现场活动。微软通过竞赛提升安全水平。... 2025-8-5 10:0:21 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft security copilot dynamics

Fashion giant Chanel hit in wave of Salesforce data theft attacks Chanel遭遇数据泄露事件，影响美国客户，暴露姓名、邮箱等信息。此次攻击属于针对Salesforce的ShinyHunters勒索活动，通过钓鱼获取权限。Salesforce强调平台未被攻破，并建议加强账户安全措施。... 2025-8-4 21:0:20 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com salesforce chanel database wwd security

Proton fixes Authenticator bug leaking TOTP secrets in logs Proton修复了其iOS版身份验证应用的漏洞，该漏洞导致敏感的TOTP密钥以明文形式存储在日志中，可能泄露多因素认证码。... 2025-8-4 19:15:17 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com totp proton exploited

Microsoft: Outdated Office apps lose access to voice features in January 微软宣布，旧版Office 365应用中的转录、听写和朗读功能将于2026年1月底停止工作，建议用户更新至指定版本以保留这些功能。政府云客户有额外两个月时间完成更新。... 2025-8-4 17:15:17 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft 2026 18827 dictation 20202

CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users CTM360发现名为“ClickTok”的全球恶意软件活动，通过伪装TikTok商店传播SparkKitty间谍软件，窃取加密货币钱包及资金。该活动结合钓鱼和木马攻击手段。... 2025-8-4 15:45:18 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ctm360 clicktok spyware shop sparkkitty

New Plague Linux malware stealthily maintains SSH access A newly discovered Linux malware, which has evaded detection for over a year, allows attacke... 2025-8-4 14:45:19 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ssh tampering plague malicious

Ransomware gangs join attacks targeting Microsoft SharePoint servers 勒索软件团伙利用微软SharePoint漏洞链攻击全球至少148个组织，发现新变种4L4MD4R并通过恶意加载器传播。攻击者试图禁用安全监控。微软和谷歌将其与中国威胁行为者相关联，并已修复相关漏洞。... 2025-8-4 11:30:21 | 阅读: 23 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security microsoft ransomware toolshell typhoon

Mozilla warns of phishing attacks targeting add-on developers Mozilla警告浏览器扩展开发者警惕针对其官方AMO仓库账户的钓鱼攻击。这些钓鱼邮件伪装成AMO团队，声称开发者账户需更新以保持功能访问。 Mozilla建议验证邮件来源是否为官方域名，并避免点击可疑链接以保护账户安全。... 2025-8-4 10:0:20 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com mozilla phishing amo developer developers

Attackers exploit link-wrapping services to steal Microsoft 365 logins 威胁行为者利用知名科技公司的链接包装服务隐藏恶意链接,将其导向微软365钓鱼页面以窃取登录凭证。该攻击针对Proofpoint和Intermedia的安全功能,通过多级重定向和URL缩短器混淆视听,并伪装成语音信箱或Teams文档通知诱骗用户点击,最终收集受害者的账户信息。... 2025-8-3 22:30:18 | 阅读: 21 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com phishing wrapping security microsoft malicious

OpenAI prepares new open weight models along with GPT-5 OpenAI isn't just working on GPT-5. It looks like OpenAI is also preparing to release new op... 2025-8-2 10:15:18 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com openai weights gpt huggingface spotted