Aggregator

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. This vulnerability affects unknown code of the component Web Content Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-24194. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component Web Content Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-24194. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple visionOS. Affected is an unknown function of the component Web Content Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-24194. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS. It has been classified as problematic. This affects an unknown part of the component Web Content Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-24194. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Font Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-24182. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple visionOS and classified as problematic. Affected by this issue is some unknown functionality of the component Font Handler. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-24182. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple tvOS. This issue affects some unknown processing of the component Font Handler. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-24182. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected is an unknown function of the component Font Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-24182. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple macOS up to 13.6/14.6/15.3. This vulnerability affects unknown code. The manipulation leads to sandbox issue. This vulnerability was named CVE-2025-24172. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Netgear WNR854T 1.5.2. This affects the function SetDefaultConnectionService. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-54808. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Zitadel up to 2.71.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Token Endpoint/Introspection Endpoint. The manipulation leads to use of a key past its expiration date. This vulnerability is handled as CVE-2025-31123. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TOBYINK Mite on Perl. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2025-30672. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zitadel up to 2.71.5. It has been classified as problematic. Affected is an unknown function of the component Ignoring Unknown Usernames Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is traded as CVE-2025-31124. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 据Sekoia报道，臭名昭著的朝鲜 Lazarus 黑客组织已采用“ClickFix”战术，针对加密货币行业的求职者部署恶意软件，尤其是集中化金融（CeFi）领域。 这种发展被视为 Lazarus “Contagious Interview” 活动的演变，该活动同样针对 AI 和加密货币领域的求职者。 ClickFix 是一种相对较新但日益常见的战术，威胁行为者利用网站或文档中的虚假错误提示，声称内容无法查看。页面随后提示用户通过运行 PowerShell 命令来“修复”问题，从而在系统上下载并执行恶意软件。 Sekoia 表示，在最新的活动中，Lazarus 假冒了多家知名公司，包括 Coinbase、KuCoin、Kraken、Circle、Securitize、BlockFi、Tether、Robinhood 和 Bybit，这些公司最近被朝鲜黑客窃取了创纪录的15亿美元。 “通过收集我们在所有虚假面试网站中识别出的数据（即 JSON 对象），我们能够确定哪些公司被无意中用作这些虚假面试的诱饵，”Sekoia 解释道。 “我们的分析基于从虚假面试网站检索到的184份不同的邀请。在这些邀请中，我们发现有14家公司的名称被用来诱使受害者完成申请流程。” Lazarus 采用 ClickFix 在2023年11月首次记录的“Contagious Interview”活动中，Lazarus 在 LinkedIn 或 X 上接近目标，向他们提供就业机会。 然后，他们利用托管在 GitHub 和 Bitbucket 等协作平台上的软件和编码测试项目，诱骗目标下载并在其系统上运行恶意软件加载程序，投放信息窃取器。 从2025年2月开始，Sekoia 表示 Lazarus 开始使用所谓的“ClickFake”活动，采用 ClickFix 战术来实现自我感染步骤，而攻击的早期阶段保持不变。 然而，研究人员指出，“Contagious Interview” 活动仍在进行中，这表明朝鲜人可能在并行运行这两种技术时评估其有效性。 在 ClickFake 攻击中，Lazarus 将重点从针对开发人员和程序员转向 CeFi 公司中担任非技术职务的人员，例如业务开发人员和市场经理。 这些人被邀请通过链接进入一个看似合法的网站进行远程面试，该网站使用 ReactJS 构建，包含联系表单、开放式问题，并要求提供视频介绍。 当目标尝试使用网络摄像头录制视频时，会出现一个虚假错误，声称驱动程序问题阻止了摄像头访问，并生成了解决问题的说明。 根据浏览器的用户代理，网站提供特定于操作系统的指令，支持 Windows 或 macOS。 受害者被指示在 CMD（Windows）或终端（macOS）中运行一个 curl 命令，这会使他们感染一个名为“GolangGhost”的基于 Go 的后门，并通过注册表修改和 LaunchAgent plist 文件建立持久性。 一旦部署，GolangGhost 会连接到其命令和控制（C2）服务器，用唯一机器 ID 注册新感染的设备，并等待命令。 该恶意软件可以执行文件操作、shell 命令执行、窃取 Chrome Cookie、浏览历史和存储的密码，以及收集系统元数据。 随着 Lazarus 多样化其攻击方法，潜在目标必须保持警惕，及时了解最新动态，并在下载或执行任何内容之前始终验证面试邀请。 切勿在 Windows 命令提示符或 macOS 终端中执行从互联网复制的任何内容，尤其是如果您不完全了解其功能。 Sekoia 还分享了组织可以用来检测和阻止 ClickFake 活动的 Yara 规则，以及与最新 Lazarus 活动相关的完整妥协指标列表。   消息来源：Bleeping Computer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。

山石网科安全技术研究院作为优秀汽车安全研究团队荣获2025年度优秀智能汽车行业白帽黑客团队奖项。