Aggregator

修订中要解决的系列问题

HackerNews 编译，转载请注明出处： 一场覆盖全欧洲的执法行动已成功取缔暗网上运行时间最长的毒品交易平台Archetyp Market。6月11日至13日期间，六国执法机构展开协调突袭行动，针对该平台基础设施及核心成员实施打击。此次代号为“深空哨兵行动（Operation Deep Sentinel）”的行动由德国、荷兰、罗马尼亚、西班牙和瑞典联合开展，并获欧洲刑警组织（Europol）、欧洲司法组织（Eurojust）及美国当局支持。约300名执法人员参与行动，最终实现平台下线、逮捕多名涉案人员，并查获约780万欧元（约合人民币6084万元）资产。 Archetyp Market运营时间超过五年，吸引全球逾60万用户，累计促成交易额超2.5亿欧元（约合人民币19.5亿元）。该平台提供超过17,000条商品清单，包括芬太尼等合成阿片类药物——这类物质在欧洲乃至全球日益成为用药过量致死事件的关联因素。 该平台30岁的德国籍管理员在巴塞罗那被捕，同时德国与瑞典执法部门对一名平台版主及六名顶级供应商采取行动。平台位于荷兰的技术基础设施已被完全拆除。 此次取缔标志着同类犯罪平台中最稳固的据点之一走向终结。除可卡因、摇头丸（MDMA）及苯丙胺等毒品外，Archetyp Market因促成高风险物质的匿名交易而臭名昭著，其性质与昔日暗网平台“Silk Road”、“Dream Market”如出一辙。 欧洲刑警组织行动副局长让-菲利普·勒库夫（Jean-Philippe Lecouffe） 表示：“此次行动铲除了暗网历史最悠久的毒品市场之一，切断了全球最危险物质的主要供应链。通过摧毁其基础设施并逮捕关键人物，我们传递了明确信号：伤害牟利者没有安全港。” 此次行动基于对该平台网络及运营的多年调查。当局通过追踪金融交易、分析法证证据，并与国际同行密切合作，最终锁定平台幕后人员。调查仍在进行中，或引发更多逮捕或起诉。执法部门强调，跨境协作与定向技术专长在平台关停中发挥了关键作用。 目前该平台原网址已被查封通告取代，并发布针对地下经济参与者的警示信息。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a major cyberattack. The group claims to have leaked 40 terabytes of sensitive data, including personal demographics, credit card details, Emirates ID numbers, health records, and internal documents, following an initial […]

The post Gunra Ransomware Group Allegedly Leaks 40TB of Data from American Hospital appeared first on Cyber Security News.

A vulnerability was found in kanaka wac 385e1. It has been declared as problematic. Affected by this vulnerability is the function load_module of the file /wac-asan/wa.c of the component WASM File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-35419. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in radare2 5.8.8. Affected is an unknown function. The manipulation of the argument name/type/group leads to buffer overflow. This vulnerability is traded as CVE-2024-29646. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-47104. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-47105. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-43558. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-43589. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-43590. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-43593. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-47106. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-30321. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-30317. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the affected infrastructure. The company has confirmed that all services have now recovered following swift mitigative actions. The disruption primarily affected three core Microsoft services, causing widespread inconvenience for business users […]

The post Microsoft Investigating Teams and Exchange Online Services Disruption Impacting Users appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 网络安全公司Insikt Group的最新分析显示，尽管自2023年7月起遭受美国制裁，Predator间谍软件仍持续吸引新用户。 该间谍软件活动在经历早期因制裁和公开曝光导致的衰退后近期再度活跃。研究团队发现其更新了基础设施网络，并首次确认莫桑比克成为新客户，凸显监控工具仍在持续扩散，尤其在非洲地区——Predator已识别的客户中超半数位于非洲大陆。此外，与捷克实体FoxITech s.r.o.的关联表明，幕后运营方Intellexa联盟仍在秘密运作。 2024年3月，美国财政部外国资产控制办公室（OFAC）宣布对Intellexa联盟的两名个人及五家实体采取行动，因其参与开发并分发用于攻击美国公民的Predator间谍软件。该监控软件还被用于监视美国政府官员、记者和政策专家。财政部警告称，商业间谍软件的扩散给美国带来日益增长的风险。该软件已被外国行为体滥用，针对全球范围内的异见人士和记者发动攻击。 Intellexa联盟成立于2019年，充当多家提供商业间谍软件及监控工具的进攻性网络公司的统一营销平台，这些工具专为定向和大规模监控活动设计。Predator间谍软件指一套可通过零点击攻击入侵受害者设备的监控工具组合，以其大规模数据窃取与监控能力著称。 Insikt Group揭露了Predator的新基础设施网络，包括规避性更新与高层级组件。研究人员在多个国家发现活动复苏证据，其中莫桑比克为新关联国家。分析还指出，第五层基础设施（Tier 5）与捷克实体FoxITech存在技术连接，而后者与Intellexa联盟相关。新版基础设施包含可能用于投送有效载荷和攻击受害者的域名。早期域名常伪装成新闻媒体等合法站点，而近期域名改用随机英文或葡萄牙语词汇组合（部分暗示特定目标区域，如伊拉克库尔德斯坦的Badinan地区）。这些域名多通过PublicDomainRegistry注册，且托管网络范围更广，反映出逃避检测的意图。 Predator基础设施已升级为更复杂的五层架构。前四层通过多重路由隐藏间谍软件源头，其中第四层常指向客户所在国家的IP地址。仍具神秘色彩的第五层（Tier 5）则关联捷克公司FoxITech——该公司与Intellexa联盟存在联系。运营方还启用虚假网站（如伪造的404错误页面、登录界面或模拟活动网站）作为欺骗策略。这些调整表明Predator仍是网络领域中持续存在且适应性极强的威胁。 “尽管仅前四层基础设施直接关联Predator客户的操作网络，但Insikt Group持续监测被称为第五层的附加层级——该层级在Predator相关操作中似乎扮演核心角色（具体机制尚不明确）”，报告指出，“第五层服务器已关联捷克实体FoxITech s.r.o.，该公司此前公开资料显示与Intellexa存在关联。” 自2024年3月起，Insikt Group追踪到Predator在十余个国家的活动。部分区域（如刚果民主共和国和安哥拉）在公开曝光后活动曾暂停，但安哥拉于2025年初重启操作。莫桑比克作为新用户出现，其关联域名和IP地址指向一个仍在使用虚假新闻及生活类网站的活动运营方。另一短暂出现的集群（可能关联东欧）暗示其正在进行技术测试或应对新制裁。 “Insikt Group发现的证据表明，尽管媒体广泛报道且针对Intellexa及相关实体的制裁持续实施，Predator仍在包括莫桑比克在内的地区被使用”，报告总结称，“尽管观察到近期活动，但疑似运营商数量较早期报告减少，表明公开曝光、制裁及相关措施可能已对Intellexa造成运营成本压力。此外，Predator运营商历史上长期保持稳定操作手法，但最新发现揭示其已采用新策略以规避检测。”       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Choosing the right DCIM software is crucial for effective data center management. This comparison of Hyperview and Nlyte evaluates them across five key factors: cost, user experience, features, scalability, and customer support, helping you decide which is the better fit for your needs.

The post Hyperview DCIM vs. Nlyte DCIM: Which Software is Right for You? appeared first on Hyperview.

The post Hyperview DCIM vs. Nlyte DCIM: Which Software is Right for You? appeared first on Security Boulevard.

Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy the sophisticated Flodrix botnet malware. The attacks demonstrate how cybercriminals are rapidly weaponizing newly disclosed vulnerabilities to compromise cloud infrastructure and expand their botnet operations. CVE-2025-3248, rated with a CVSS […]

The post Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 英国知名俄罗斯问题研究专家基尔·贾尔斯（Keir Giles）上周末宣布，其多个电子邮箱账户遭黑客以“复杂账户接管”手段攻击，攻击者伪装成美国国务院人员。贾尔斯在领英发布的警告中提醒联系人谨慎处理任何看似由其发送的异常邮件。贾尔斯是《俄罗斯对所有人的战争》一书作者，同时担任智库查塔姆研究所（Chatham House）顾问研究员。 贾尔斯写道：“根据我们应对复杂账户接管攻击的长期经验，攻击者在被锁定前获取的信息（包括您或他人发送给我的消息）很可能被用于未来污染性数据泄露。”此前在去年，贾尔斯已成为为俄罗斯情报部门服务的黑客目标，这些黑客持续冒充研究人员与学者，试图侵入其同事邮箱账户，但当时贾尔斯的账户未被攻破。 网络安全公司Secureworks与Mandiant对针对贾尔斯的钓鱼邮件、附件及凭证窃取基础设施进行了独立分析。两家公司均认为，此次攻击由国家支持的黑客组织实施，该组织被追踪命名为Iron Frontier、Calisto、Coldriver或Star Blizzard。英国政府评估其隶属于俄罗斯情报机构，并于2013年将其归因于俄联邦安全局（FSB）第18中心（Center 18） ——英国政府曾为此召见俄罗斯大使，指控克里姆林宫幕后主导一系列“持续但未遂”的黑客泄密行动，意图破坏民主制度。 与此同时，美国司法部起诉了参与第18中心钓鱼活动的两名俄罗斯公民：FSB官员鲁斯兰·亚历山德罗维奇·佩列季亚特科（Ruslan Aleksandrovich Peretyatko） 及欺诈域名创建者安德烈·斯坦尼斯拉沃维奇·科里涅茨（Andrey Stanislavovich Korinets） ，相关行动可追溯至2016年。英国政府披露，该组织在英国的既往目标包括英国秘密情报局（MI6）前局长理查德·迪尔洛夫爵士（Sir Richard Dearlove） ，以及致力于反制俄罗斯信息战的智库“治国方略研究所”（Institute for Statecraft）。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic has been found in weblate up to 5.11. This affects an unknown part of the component OTP. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is uniquely identified as CVE-2025-47951. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.