Aggregator

新型广告欺诈活动利用331款恶意应用，展示侵扰性广告并实施钓鱼攻击，已影响超6000万用户。

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in

История одной незашифрованной базы данных.

Cryptocurrency exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following allegations that North Korea’s state-sponsored Lazarus Group exploited it to launder funds stolen from the recent Bybit hack.  The suspension, announced on March 17, 2025, coincides with heightened regulatory scrutiny and efforts to enhance platform security. The Lazarus Group, notorious for state-backed […]

The post Crypto Exchange OKX Suspends Tool Used by North Korean Hackers to Steal Funds appeared first on Cyber Security News.

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, it automates workflows by […]

Cobalt Strike has released version 4.11 with significant improvements to its evasion capabilities, making the popular red team tool more resilient against modern security solutions.  The update introduces a novel Sleepmask, new process injection techniques, enhanced obfuscation options, and stealthier communication methods – all designed to operate effectively without requiring extensive customization. Major Evasion Enhancements […]

The post Red Team Tool Cobalt Strike 4.11 Released With out-of-the-box Evasion Options appeared first on Cyber Security News.

A newly discovered critical remote code execution (RCE) vulnerability (CVE-2025-24813) has been identified in Apache Tomcat, allowing attackers to fully […]

The post Critical Remote Code Execution (RCE) Vulnerability in Apache Tomcat (CVE-2025-24813) appeared first on HawkEye.

The Danish Agency for Social Security (CFCS) has issued an updated threat assessment warning of severe cyber threats targeting the nation’s telecommunications sector, signaling a heightened alert level for state-sponsored espionage.  The report, which supersedes the 2022 version, underscores an increasing threat landscape, driven by increased targeting of telecom and internet service providers by foreign […]

The post Denmark Warns of Serious Cyber Attacks Targeting Telecommunication Sector appeared first on Cyber Security News.

知名头部安全厂商押注AI/数据赋能安全；Cloudflare 提升防御能力，应对未来量子安全威胁