Aggregator

Over 280,000 customers of Australian ISP iiNet have been impacted by a data breach

长期以来，银狐、PlugX、Cobalt Strike等被黑客广泛使用，且免杀手段日益复杂，传统的特征检测难以应对。基于天擎“六合”引擎已发现多起境外APT针对国内的全程无文件间谍活动，银狐等黑产木马更是不在话下。

A sophisticated new cyberthreat campaign has emerged that combines impersonation of trusted news sources with deceptive security verification prompts to trick users into executing malicious commands on their systems. According to a Reddit post, the ClickFix attack masquerades as legitimate BBC news content while employing fake Cloudflare verification screens to deliver malware. How the Attack Works The […]

The post New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users appeared first on Cyber Security News.

The U.S. Department of Justice has announced the seizure of more than $2.8 million in cryptocurrency from Yanis Alexandrovich Antroppenko, who stands accused of computer fraud and money laundering. Antroppenko is linked to the...

The post DOJ Seizes $2.8 Million in Crypto from Suspected Zeppelin Ransomware Operator appeared first on Penetration Testing Tools.

Researchers at Hunt.io have published an in-depth analysis of the Android banking trojan ERMAC 3.0, uncovering not only its enhanced capabilities but also severe flaws within its infrastructure. This iteration expands upon the functionality...

The post Leaked Source Code Exposes ERMAC 3.0: A Dangerous Trojan with Flawed Security appeared first on Penetration Testing Tools.

至少143万人敏感数据受影响

Experts at Censys have released their State of the Internet 2025 report, focusing on the infrastructure of cybercriminals—specifically Command-and-Control (C2) servers and other tools used to coordinate attacks and maintain access to compromised systems....

The post The State of Cybercrime: How C2 Servers Fuel the Global Threat appeared first on Penetration Testing Tools.

Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...

The post Beyond the Email: How New Mobile Phishing Scams Are Causing a “Ramp-and-Dump” Stock Frenzy appeared first on Penetration Testing Tools.

1,5 миллиона аккаунтов украдены всего за полгода.

A former moderator of the dark web forum XSS, known by the alias Rehub, has launched his own platform under the name Rehubcom. This move coincides with the arrest of the XSS administrator in...

The post The King Is Dead, Long Live the King: A New Cybercrime Forum Rises from the Ashes of XSS appeared first on Penetration Testing Tools.

The China-linked group UAT-7237 has become the subject of a new report from Cisco Talos. According to researchers, this team has been active since 2022, specializing in long-term persistence within victim infrastructure. In one...

The post Beyond the Firewall: Inside UAT-7237, a Chinese APT Group Targeting Taiwan appeared first on Penetration Testing Tools.

Researchers have demonstrated that the latest Gemini models consistently interpret hidden Unicode Tag characters as executable instructions—rendering invisible text within the interface into direct commands for the AI. This flaw endangers all Gemini-based integrations,...

The post The Invisible Attack: Hidden Characters Can Make Gemini Models Implant Backdoors appeared first on Penetration Testing Tools.

A recent reverse engineering analysis of a Lockbit ransomware variant targeting Linux-based ESXi servers has uncovered several sophisticated evasion techniques and operational details. The malware, first documented in 2022, employs the ptrace system call to detect debugging environments by attempting to attach to its parent process. If this fails typically due to an existing tracer […]

The post Lockbit Linux ESXi Ransomware Variant Reveals Evasion Techniques and File Encryption Process appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A team of researchers has unveiled a new framework, SNI5GECT, which exposes vulnerabilities in fifth-generation mobile networks at the very earliest stages of connection establishment. Unlike attacks that rely on counterfeit base stations—complex to...

The post SNI5GECT: A New Framework Exposes Major Vulnerabilities in 5G Networks appeared first on Penetration Testing Tools.

Allianz Life breach exposed data of most of its 1.4M customers; HIBP lists 1.1M impacted, though the insurer hasn’t confirmed exact figures. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its 1.4M customers and staff. Now, the data breach notification site Have I Been Pwned […]

A security researcher named Wayne has unveiled a new tool for Windows 11 that circumvents the PatchGuard protection mechanism in the system’s latest release (24H2). The project, called Kurasagi, has already been published on...

The post New Tool Bypasses Windows 11 PatchGuard, Opening a New Debate on Security appeared first on Penetration Testing Tools.

A vulnerability was found in Bouncy Castle for Java up to 2.1.0. It has been rated as problematic. Impacted is an unknown function of the component API Module. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-9092. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function user_mutex of the file net/rxrpc/recvmsg.c. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2025-38524. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this issue is the function ice_lag_is_switchdev_running. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38526. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.