Aggregator
Automated Steganography Detection Tool
Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands
The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social engineering vector that deceives unsuspecting users into manually fixing simulated website errors. In these attacks, […]
The post Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands appeared first on Cyber Security News.
Black screen and silence. YouTube has closed the main loophole that smartphone users loved so much
The “Guest” Trap: Canada Computers Under Fire for Opacity Following Massive Credit Card Breach
A significant data breach targeting the Canadian retail giant Canada Computers & Electronics has ignited a furor among
The post The “Guest” Trap: Canada Computers Under Fire for Opacity Following Massive Credit Card Breach appeared first on Penetration Testing Tools.
The “Slop” Tsunami: GitHub Eyes “Kill Switch” for Pull Requests to Save Buried Maintainers
GitHub is currently grappling with the unforeseen repercussions of the proliferation of AI-driven development instrumentation. The platform, having
The post The “Slop” Tsunami: GitHub Eyes “Kill Switch” for Pull Requests to Save Buried Maintainers appeared first on Penetration Testing Tools.
The “Dumpster Fire” of AI: How OpenClaw Mutated from Viral Assistant to a $30,000 Security Disaster
The OpenClaw project—a personal AI interlocutor with whom users engage via messaging platforms and to whom they frequently
The post The “Dumpster Fire” of AI: How OpenClaw Mutated from Viral Assistant to a $30,000 Security Disaster appeared first on Penetration Testing Tools.
The API Assassin: How “LOLAPI” Unmasks the Native Commands Turning Windows and Cloud Against You
A security researcher operating under the pseudonym Magic Claw has inaugurated LOLAPI, a structured compendium of systemic APIs
The post The API Assassin: How “LOLAPI” Unmasks the Native Commands Turning Windows and Cloud Against You appeared first on Penetration Testing Tools.
Solana Under Siege: Step Finance Drained of $30M as STEP Token Plummets 80% in Hours
A formidable cyber incursion within the Solana ecosystem has profoundly destabilized the decentralized finance landscape. The Step Finance
The post Solana Under Siege: Step Finance Drained of $30M as STEP Token Plummets 80% in Hours appeared first on Penetration Testing Tools.
Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems
A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their operations to coincide with significant local political events. The threat actors have focused their efforts […]
The post Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems appeared first on Cyber Security News.
Extortion Shifts to the Playground: Fake “Lock-Bit” Group Targets Parents After Antwerp School Refuses Ransom
Cybercriminals who compromised an academic institution in Antwerp have resorted to exerting psychological pressure on parents after the
The post Extortion Shifts to the Playground: Fake “Lock-Bit” Group Targets Parents After Antwerp School Refuses Ransom appeared first on Penetration Testing Tools.
Three-Day Turnaround: How APT28 Rapidly Weaponized the Latest Microsoft Office Zero-Day
The sophisticated threat actor APT28 has commenced the exploitation of a nascent Microsoft Office vulnerability almost immediately following
The post Three-Day Turnaround: How APT28 Rapidly Weaponized the Latest Microsoft Office Zero-Day appeared first on Penetration Testing Tools.
The Stealth Oracle: How “Safe” Chrome Extensions Can Reconstruct Your Private URLs Character by Character
A sophisticated technique has been unearthed within Chrome that permits the exfiltration of the complete URL from any
The post The Stealth Oracle: How “Safe” Chrome Extensions Can Reconstruct Your Private URLs Character by Character appeared first on Penetration Testing Tools.
−47°C and an orange down jacket in the icy grip of the Altai: a small Unitree robot survived where even cars stall
Screaming at the Kernel: How GhostKatz Uses “Vulnerable Drivers” to Dump Credentials via Physical Memory
Security researcher Julian Peña has unveiled GhostKatz, a formidable new utility engineered to exfiltrate credentials from the LSASS
The post Screaming at the Kernel: How GhostKatz Uses “Vulnerable Drivers” to Dump Credentials via Physical Memory appeared first on Penetration Testing Tools.
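嘶吼 News Flash | Cybersecurity Vendor Updates Roundup (Issue 10)
A focus on the latest moves by cybersecurity vendors, bringing together new product launches, strategic partnerships, technology upgrades and other key developments so you can skip sifting through fragmented information: one article to catch up on vendors' recent key moves!
Latest cybersecurity vendor updates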
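网际思安 named in multiple areas of CAICT's fourth-edition "Digital Security Escort Technical Capability Panorama"
Recently, the "Digital Security Escort Program" of the China Academy of Information and Communications Technology (CAICT) released the fourth edition of the "Digital Security Escort Technical Capability Panorama". 网际思安 was selected in 10 sub-areas of the panorama.
慧天云海 wins a place on the State Taxation Administration shortlist
In the "Tax System 2025 Cybersecurity Product Framework Agreement Procurement Shortlist Project", several core products from 济南慧天云海信息技术有限公司, including its API security monitoring system, network isolation equipment and database audit system, were successfully shortlisted.
易安联's zero-trust integrated office endpoint security project selected as an ISC.AI 2025 innovative case
易安联's zero-trust integrated office endpoint security project was selected for the "ISC.AI 2025 Innovative Case Report".
志翔 and Moore Threads complete mutual product compatibility certification
志翔科技 and Moore Threads recently announced that the 志翔至安盾® ZS-ISP secure access system and Moore Threads' data-center-grade multifunction GPU product MTT S3000 passed rigorous testing and completed mutual compatibility certification.
Two national standards that 云天安全 was deeply involved in are officially released
Recently, the State Administration for Market Regulation (Standardization Administration of China) officially approved and published the national standards GB/T 46884.2-2025 "Industrial Internet Platform: Digital Management of Work Safety, Part 2: Petrochemical and Chemical Industry" and GB/T 43553.2-2025 "Digital Delivery for Smart Factories, Part 2: Design Delivery". 山东云天安全技术有限公司 took part throughout the development of both standards.
亚数 TrustAsia named SILA "智光杯" Outstanding Industry Contribution Member and Standards Contribution Member
At the 9th IoT Lighting Conference and "智光杯" Outstanding Member Ceremony, 亚数信息科技(上海)有限公司 was named SILA "智光杯" Outstanding Industry Contribution Member and SILA "智光杯" Standards Contribution Member.
网宿's full-site protection earns Shanghai's Grade A high-tech commercialization recognition
Recently, the Shanghai Municipal Science and Technology Commission officially announced the results of a new batch of recognized high-tech achievement commercialization projects. 网宿安全's full-site protection platform received the highest "Grade A" rating and was the only cybersecurity project among the top four.
爱加密 selected in several key areas of the "Digital Security Escort Technical Capability Panorama"
Recently, 爱加密 was shortlisted in several key technical areas of the "Digital Security Escort Technical Capability Panorama", including mobile security, data security and software supply chain security.
简网科技 product shortlisted in the national tax system's 2025 cybersecurity framework agreement procurement project
Recently, the shortlist results for the national tax system's 2025 cybersecurity framework agreement procurement project were announced, and APPINSA, a product developed in-house by 简网科技, was shortlisted for the "Full-Traffic Threat Analysis" lot, packages 10-11.
拓尔思 approved to co-build the Beijing Key Laboratory of Intelligent Technology for Intelligence (情报智能技术)
Recently, 拓尔思 was officially approved to co-build the Beijing Key Laboratory of Intelligent Technology for Intelligence (情报智能技术). The laboratory is based at the Beijing Academy of Science and Technology and is being built jointly with 拓尔思.
东方通 again named a "Beijing Software Core Competitiveness Enterprise (Market Application Type)"
Recently, the results of the "2025 Beijing Software Enterprise Core Competitiveness Evaluation Report" were announced, and 东方通 again received the "Beijing Software Core Competitiveness Enterprise (Market Application Type)" certification.
苏商银行 and 航天壹进制 enter into a partnership
Recently, 苏商银行 and 航天壹进制 formally entered into a strategic partnership and completed the deployment of an NBU replacement project.
通付盾 retains its status as a "Technical Activity Unit" of the Information Technology Application Innovation Working Committee
Recently, 通付盾 retained the title of "Technical Activity Unit of the Information Technology Application Innovation Working Committee" for its work in the field of information technology application innovation.
和利时信安院 named to KPMG's "Intelligent Manufacturing Technology 50" list
Recently, KPMG China released the second "Intelligent Manufacturing Technology 50" list and report during the Intelligent Manufacturing Entrepreneur Ecosystem Summit, and 宁波和利时信息安全研究院有限公司 made the list.
H3C supports the construction and operation of 同维电子's production base in Vietnam
Recently, phase two of the low-voltage intelligent systems integration works for the 越南同维电子 production base project was formally delivered. New H3C Group, part of Unisplendour, for the first time exported its mature, standardized domestic low-voltage systems integration framework in full to an overseas market.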
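New malicious campaign targets exposed LLM service endpoints, illegally exploiting AI infrastructure for profit
A malicious campaign is precisely targeting exposed large language model (LLM) service endpoints, monetizing unauthorized access to AI infrastructure.
Over 40 days of monitoring, researchers recorded more than 35,000 attack sessions on honeypot systems, which led them to uncover this large-scale cybercrime operation: attackers exploit AI service endpoints that are exposed or have flawed authentication, monetize the illicit access and carry out a range of malicious operations.
The researchers named the campaign Bizarre Bazaar and noted that it is the first "LLMjacking" case that can be clearly attributed to a specific threat group.
According to the researchers, after gaining unauthorized access to poorly protected LLM infrastructure endpoints, the attackers mainly do the following:
1. Steal compute resources for cryptocurrency mining;
2. Resell API access on dark web markets;
3. Steal data from prompts and conversation records;
4. Attempt to move laterally into internal systems through Model Context Protocol (MCP) servers.
Common attack vectors in this campaign include self-hosted LLM environments, exposed or unauthenticated AI APIs, publicly reachable MCP servers, and AI development/test environments assigned public IP addresses.
The attackers typically exploit configuration weaknesses, such as unauthenticated Ollama service endpoints on port 11434, unauthenticated OpenAI-compatible APIs on port 8000, and production chatbots with no access-control checks.
The researchers note that once a misconfigured service endpoint appears in the scan results of internet-scanning platforms such as Shodan and Censys, attackers launch targeted attacks within hours.
This threat differs fundamentally from traditional API abuse: a compromised LLM endpoint not only incurs high costs (LLM inference is expensive to begin with), it also leaks sensitive corporate data and gives attackers an opening for lateral movement.
Previously, a GreyNoise report had also disclosed similar attack behavior, in which attackers mainly conducted reconnaissance against commercial LLM services.
This research, however, found that a criminal supply chain has formed behind the campaign, involving three threat actors who are very likely working together as part of the same criminal group:
The first scans the entire internet with automated bots, looking for LLM and MCP service endpoints;
The second validates the scan results and tests access to the target endpoints;
The third operates a commercial service platform named silver[.]inc on platforms such as Telegram and Discord, reselling the illicitly obtained AI service access for profit, with payment in cryptocurrency or by PayPal transfer.
The platform also launched a project called NeXeonAI, which it advertises as "all-in-one AI infrastructure" offering access to more than 50 LLMs from leading vendors.
Bizarre Bazaar operation phases
The researchers also traced the criminal activity to one specific threat actor, who has used several aliases including "Hecker", "Sakuya" and "LiveGamer101".
Besides Bizarre Bazaar, which focuses on LLM API abuse, a separate, independent campaign was also observed that specifically conducts reconnaissance against MCP service endpoints.
Attacks on MCP endpoints give attackers more opportunities for lateral movement: they can intrude further by interacting with Kubernetes container platforms, obtaining access to cloud services, executing shell commands and so on, and the profit potential is far higher than monetizing compute resources through mining alone.
There is currently no evidence that this MCP endpoint campaign is connected to Bizarre Bazaar, but security researchers speculate that the two may be linked.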
Pipe Dreams Turned Nightmare: Remote Code Execution via Quest KACE Desktop Authority
A critical Remote Code Execution (RCE) vulnerability has been unearthed within the enterprise solution Quest KACE Desktop Authority,
The post Pipe Dreams Turned Nightmare: Remote Code Execution via Quest KACE Desktop Authority appeared first on Penetration Testing Tools.
Surgical Espionage: The “Chrysalis” Backdoor and the 6-Month Hijack of Notepad++
Cybersecurity researchers persist in their investigation of a sophisticated incursion targeting the ubiquitous text editor Notepad++, which remained
The post Surgical Espionage: The “Chrysalis” Backdoor and the 6-Month Hijack of Notepad++ appeared first on Penetration Testing Tools.
Shattering the Trust: The “GlassWorm” Supply Chain Attack Hijacking Open VSX Extensions
A sophisticated supply chain incursion has been documented within the Open VSX extension registry, precipitated by the illicit
The post Shattering the Trust: The “GlassWorm” Supply Chain Attack Hijacking Open VSX Extensions appeared first on Penetration Testing Tools.