Aggregator

XMSRC 2025年中致谢公告

AI教父辛顿在2023年离开谷歌后，从AI乐观派转变为风险派，在最新播客访谈中深度阐述了对AI威胁的担忧。他认为AI发展已无法叫停，估计超级智能出现的概率在10%-20%之间，可能在10-20年内实现。辛顿详细分析了AI带来的两大类风险：人类滥用AI（网络攻击激增1200%、生物武器门槛降低、选举操纵、回音室效应加剧）和AI自主威胁（自主杀伤武器、大规模失业危机）。他指出数字智能在信息共享、学习效率和不朽性方面具有根本优势，当前AI系统可能已具备主观体验和情感。辛顿强调最大挑战是确保AI永远不想伤害人类，而非阻止其获得相关能力。他呼吁政府强制企业投入更多资源进行AI安全研究，并对自己毕生工作可能带来的潜在灾难性后果表达了深刻反思，认为监管总是滞后于技术发展，人类需要重新定义在AI时代的存在价值。

Regional APT Threat Situation Overview In April 2025, the global threat hunting system of Fuying Lab discovered a total of 20 APT attack activities. These activities are mainly distributed in East Asia, South Asia, Middle East and Eastern Europe, as shown in the following figure. In terms of group activity, the most active APT group […]

The post NSFOCUS APT Monthly Briefing – April 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS APT Monthly Briefing – April 2025 appeared first on Security Boulevard.

HackerNews 编译，转载请注明出处： 攻击者据称已入侵瑞典主要制造商斯堪尼亚（Scania），从其企业保险部门窃取了数万份文件。 宣布这起所谓泄露事件的帖子出现在一个流行的“仅限邀请”的黑客论坛上，网络犯罪分子利用该论坛买卖被盗数据。攻击者称，他们设法渗透进了斯堪尼亚的企业保险部门。 这些网络犯罪分子声称窃取了34,000份从未向公众开放过的文件。截至撰写本文时，尚不清楚这些文件中可能包含何种信息。 斯堪尼亚的企业保险网站现已下线。然而，斯堪尼亚的企业保险涵盖该公司的商用车辆，这意味着暴露的文件可能包括客户信息以及通过车辆识别号码(VINs)所对应的车辆信息。 攻击者声称获取数据的那个斯堪尼亚网站目前无法访问。访客会看到一条消息，内容为：“我们目前正在对VabisLine系统进行维护。该系统已暂时下线。” 目前尚不清楚此次维护是否与所声称的黑客攻击有关。 斯堪尼亚是一家主要的商用车制造商。根据该公司2025年第一季度的财务报告，斯堪尼亚占据了欧洲商用车市场近19%的份额。该公司在全球拥有59,000名员工，2024年报告的营收超过220亿美元。 攻击者经常以汽车制造商为目标，因为大型跨国公司拥有大量敏感的企业和客户数据，并且在敲诈勒索的情况下有资源支付赎金。本月早些时候，攻击者称已入侵德国汽车巨头大众汽车集团（Volkswagen Group）。       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

修订中要解决的系列问题

HackerNews 编译，转载请注明出处： 一场覆盖全欧洲的执法行动已成功取缔暗网上运行时间最长的毒品交易平台Archetyp Market。6月11日至13日期间，六国执法机构展开协调突袭行动，针对该平台基础设施及核心成员实施打击。此次代号为“深空哨兵行动（Operation Deep Sentinel）”的行动由德国、荷兰、罗马尼亚、西班牙和瑞典联合开展，并获欧洲刑警组织（Europol）、欧洲司法组织（Eurojust）及美国当局支持。约300名执法人员参与行动，最终实现平台下线、逮捕多名涉案人员，并查获约780万欧元（约合人民币6084万元）资产。 Archetyp Market运营时间超过五年，吸引全球逾60万用户，累计促成交易额超2.5亿欧元（约合人民币19.5亿元）。该平台提供超过17,000条商品清单，包括芬太尼等合成阿片类药物——这类物质在欧洲乃至全球日益成为用药过量致死事件的关联因素。 该平台30岁的德国籍管理员在巴塞罗那被捕，同时德国与瑞典执法部门对一名平台版主及六名顶级供应商采取行动。平台位于荷兰的技术基础设施已被完全拆除。 此次取缔标志着同类犯罪平台中最稳固的据点之一走向终结。除可卡因、摇头丸（MDMA）及苯丙胺等毒品外，Archetyp Market因促成高风险物质的匿名交易而臭名昭著，其性质与昔日暗网平台“Silk Road”、“Dream Market”如出一辙。 欧洲刑警组织行动副局长让-菲利普·勒库夫（Jean-Philippe Lecouffe） 表示：“此次行动铲除了暗网历史最悠久的毒品市场之一，切断了全球最危险物质的主要供应链。通过摧毁其基础设施并逮捕关键人物，我们传递了明确信号：伤害牟利者没有安全港。” 此次行动基于对该平台网络及运营的多年调查。当局通过追踪金融交易、分析法证证据，并与国际同行密切合作，最终锁定平台幕后人员。调查仍在进行中，或引发更多逮捕或起诉。执法部门强调，跨境协作与定向技术专长在平台关停中发挥了关键作用。 目前该平台原网址已被查封通告取代，并发布针对地下经济参与者的警示信息。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a major cyberattack. The group claims to have leaked 40 terabytes of sensitive data, including personal demographics, credit card details, Emirates ID numbers, health records, and internal documents, following an initial […]

The post Gunra Ransomware Group Allegedly Leaks 40TB of Data from American Hospital appeared first on Cyber Security News.

A vulnerability was found in kanaka wac 385e1. It has been declared as problematic. Affected by this vulnerability is the function load_module of the file /wac-asan/wa.c of the component WASM File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-35419. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in radare2 5.8.8. Affected is an unknown function. The manipulation of the argument name/type/group leads to buffer overflow. This vulnerability is traded as CVE-2024-29646. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-47104. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-47105. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-43558. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-43589. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-43590. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-43593. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe InDesign Desktop up to 19.5.3/20.2. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-47106. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-30321. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe InDesign Desktop up to 19.5.3/20.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-30317. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the affected infrastructure. The company has confirmed that all services have now recovered following swift mitigative actions. The disruption primarily affected three core Microsoft services, causing widespread inconvenience for business users […]

The post Microsoft Investigating Teams and Exchange Online Services Disruption Impacting Users appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 网络安全公司Insikt Group的最新分析显示，尽管自2023年7月起遭受美国制裁，Predator间谍软件仍持续吸引新用户。 该间谍软件活动在经历早期因制裁和公开曝光导致的衰退后近期再度活跃。研究团队发现其更新了基础设施网络，并首次确认莫桑比克成为新客户，凸显监控工具仍在持续扩散，尤其在非洲地区——Predator已识别的客户中超半数位于非洲大陆。此外，与捷克实体FoxITech s.r.o.的关联表明，幕后运营方Intellexa联盟仍在秘密运作。 2024年3月，美国财政部外国资产控制办公室（OFAC）宣布对Intellexa联盟的两名个人及五家实体采取行动，因其参与开发并分发用于攻击美国公民的Predator间谍软件。该监控软件还被用于监视美国政府官员、记者和政策专家。财政部警告称，商业间谍软件的扩散给美国带来日益增长的风险。该软件已被外国行为体滥用，针对全球范围内的异见人士和记者发动攻击。 Intellexa联盟成立于2019年，充当多家提供商业间谍软件及监控工具的进攻性网络公司的统一营销平台，这些工具专为定向和大规模监控活动设计。Predator间谍软件指一套可通过零点击攻击入侵受害者设备的监控工具组合，以其大规模数据窃取与监控能力著称。 Insikt Group揭露了Predator的新基础设施网络，包括规避性更新与高层级组件。研究人员在多个国家发现活动复苏证据，其中莫桑比克为新关联国家。分析还指出，第五层基础设施（Tier 5）与捷克实体FoxITech存在技术连接，而后者与Intellexa联盟相关。新版基础设施包含可能用于投送有效载荷和攻击受害者的域名。早期域名常伪装成新闻媒体等合法站点，而近期域名改用随机英文或葡萄牙语词汇组合（部分暗示特定目标区域，如伊拉克库尔德斯坦的Badinan地区）。这些域名多通过PublicDomainRegistry注册，且托管网络范围更广，反映出逃避检测的意图。 Predator基础设施已升级为更复杂的五层架构。前四层通过多重路由隐藏间谍软件源头，其中第四层常指向客户所在国家的IP地址。仍具神秘色彩的第五层（Tier 5）则关联捷克公司FoxITech——该公司与Intellexa联盟存在联系。运营方还启用虚假网站（如伪造的404错误页面、登录界面或模拟活动网站）作为欺骗策略。这些调整表明Predator仍是网络领域中持续存在且适应性极强的威胁。 “尽管仅前四层基础设施直接关联Predator客户的操作网络，但Insikt Group持续监测被称为第五层的附加层级——该层级在Predator相关操作中似乎扮演核心角色（具体机制尚不明确）”，报告指出，“第五层服务器已关联捷克实体FoxITech s.r.o.，该公司此前公开资料显示与Intellexa存在关联。” 自2024年3月起，Insikt Group追踪到Predator在十余个国家的活动。部分区域（如刚果民主共和国和安哥拉）在公开曝光后活动曾暂停，但安哥拉于2025年初重启操作。莫桑比克作为新用户出现，其关联域名和IP地址指向一个仍在使用虚假新闻及生活类网站的活动运营方。另一短暂出现的集群（可能关联东欧）暗示其正在进行技术测试或应对新制裁。 “Insikt Group发现的证据表明，尽管媒体广泛报道且针对Intellexa及相关实体的制裁持续实施，Predator仍在包括莫桑比克在内的地区被使用”，报告总结称，“尽管观察到近期活动，但疑似运营商数量较早期报告减少，表明公开曝光、制裁及相关措施可能已对Intellexa造成运营成本压力。此外，Predator运营商历史上长期保持稳定操作手法，但最新发现揭示其已采用新策略以规避检测。”       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文