Aggregator
Court rules that Google kept collecting user data after users opted out of activity tracking; must pay $425 million to 100 million users
Google Won’t Be Forced to Sell Chrome, But Must Share Search Data With Rivals
The U.S. District Court for the District of Columbia has ordered Google to share critical search data with competitors while allowing the tech giant to retain ownership of its Chrome browser. The decision, announced Tuesday by the Department of Justice’s Antitrust Division, represents a significant victory in the government’s ongoing battle against Google’s search monopoly […]
The post Google Won’t Be Forced to Sell Chrome, But Must Share Search Data With Rivals appeared first on Cyber Security News.
New ‘NotDoor’ Malware Attacks Outlook Users to Exfiltrate Data and Compromise Computers
A sophisticated backdoor linked to the notorious Russian cyber-espionage group APT28 allows attackers to exfiltrate data, upload files, and execute commands on compromised computers. The new, sophisticated backdoor targets Microsoft Outlook, which allows threat actors to steal data and take control of a victim’s machine. The malware, dubbed “NotDoor,” has been attributed to the Russian […]
The post New ‘NotDoor’ Malware Attacks Outlook Users to Exfiltrate Data and Compromise Computers appeared first on Cyber Security News.
On-device large-model security standard led by vivo is officially released; in-house technology accumulation forges an industry security consensus
Academic freedom is dead: state hackers have seized scientific platforms
DDoS attacks serve as instruments of political influence and disruption
In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond simple disruption tools and are now precision instruments of geopolitical influence. They can target critical infrastructure at the most sensitive moments. Geopolitical events drive global DDoS trends Major political events triggered significant spikes in attacks. During …
The post DDoS attacks serve as instruments of political influence and disruption appeared first on Help Net Security.
HIPAA Protected Health Information - When Health Information Isn’t Protected
PromptLock ransomware uses artificial intelligence to encrypt and steal data
Security researchers recently discovered the first AI-driven ransomware, PromptLock. The malware uses Lua scripts to steal and encrypt data on Windows, macOS and Linux systems.
The malware calls OpenAI's gpt-oss:20b model through the Ollama API and dynamically generates malicious Lua scripts from hard-coded prompts.
How PromptLock works
According to ESET researchers, PromptLock is written in Golang and accesses the gpt-oss:20b large language model (LLM) through the Ollama API. The model is deployed on a remote server, and the threat actor connects to it through a proxy tunnel.
The malware contains hard-coded prompts that instruct the model to dynamically generate malicious Lua scripts; the scripts' functions cover local file system enumeration, target file inspection, data theft and file encryption.
Figure: the file enumeration prompt
The researchers also note that it includes a data-destruction function, but that function has not yet been implemented.
For file encryption, PromptLock uses the lightweight SPECK 128-bit algorithm, a rather unusual choice for ransomware; the algorithm is generally considered better suited to RFID applications.
Figure: PromptLock's encryption logic
Currently only a demonstration
It was revealed that PromptLock did not appear in ESET's telemetry; the researchers found it on the VirusTotal platform. ESET believes PromptLock is currently just a proof of concept or a project still under development, not ransomware active in the wild.
In addition, many signs indicate that it is currently only a concept tool rather than an actual threat. For example, it uses a weak encryption algorithm (SPECK 128-bit), contains a built-in Bitcoin address associated with Satoshi Nakamoto, and its data-destruction function has not been implemented.
After ESET published details about PromptLock, a security researcher claimed the malware was a project of theirs that had somehow been leaked.
Even so, PromptLock's appearance is significant: it shows that AI can be weaponized and integrated into malware workflows, bringing advantages such as cross-platform capability, operational flexibility and detection evasion, while lowering the barrier to entry for cybercrime.
Signs of this evolution already appeared in July, when Ukraine's Computer Emergency Response Team (CERT) reported the discovery of the LameHug malware. This is a tool driven by a large language model that uses the Hugging Face API and Alibaba's Qwen-2.5-Coder-32B model to generate Windows shell commands in real time.
LameHug is reportedly deployed by Russian hackers of the APT28 group; it works through API calls rather than the proxy approach PromptLock uses. Although both approaches achieve the same practical effect, the latter is more complex and carries higher risk.
MystRodX Leveraging DNS and ICMP to Steal Sensitive Data From Hacked Systems
A sophisticated new backdoor malware has emerged from the shadows, operating undetected for over 20 months while infiltrating networks through an ingenious dual-mode activation system. Initially discovered masquerading as a Mirai variant, MystRodX represents a significant evolution in stealth malware design, utilizing DNS queries and ICMP packets as covert communication channels to evade traditional security […]
The post MystRodX Leveraging DNS and ICMP to Steal Sensitive Data From Hacked Systems appeared first on Cyber Security News.
Switzerland open-sources the national-level AI model Apertus, providing full documentation, training source code and datasets
Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare
A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […]
The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.
[Promo codes] To make "deleting photos" fun instead of tedious, I built the app 《去留》
Apple and Google reach an agreement to use Gemini AI to upgrade the Siri assistant, providing accurate responses and performing certain actions
State Cryptography Administration Announcement (No. 52): "List of Commercial Cryptography Administrative Inspection Items of the State Cryptography Administration" released
Decoding ADS-C with a Cheap Aliexpress LNB and SDRplay RSP1B
JVN: Improper file access permission settings during installation in Mitsubishi Electric GENESIS64 and MC Works64
Panoramic analysis of the 2025 Balochistan Liberation Army (BLA) developments in Pakistan and the geopolitical security situation
Qilin