Aggregator

当前环境异常，需完成验证后继续访问。

A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]

The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.

A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-7241. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Coercer A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods. Features  Automatically detects open SMB pipes on the remote machine.  Calls one by one all...

The post Coercer: automatically coerce a Windows server to authenticate on an arbitrary machine appeared first on Penetration Testing Tools.

万字长文，慎入！

当前环境异常，需完成验证后方可继续访问。

京东领投三家具身智能公司；Uber 接入微信，上线官方小程序；抖音上线电影评分功能

当前环境出现异常问题,需完成验证后才能继续访问,系统已提供验证链接供操作.

OPPO发布K13 Turbo系列手机；乐凯C200彩色胶卷复产；英特尔终止Clear Linux开发；英伟达推出轻量化推理模型；微软关闭电影和电视商店并修复SharePoint漏洞；《仙剑奇侠传一》将动画化。

文章介绍了一项关于网络设备备份的实验，通过TFTP技术导出和导入路由器备份文件，并详细讲解了路由器与交换机的功能区别及实验步骤。

A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical copy of the legitimate npmjs.com website. This attack demonstrates an alarming evolution in supply chain […]

The post Developers Beware of npm Phishing Email That Steal Your Login Credentials appeared first on Cyber Security News.

CSOP 2025·北京站&上海站 亮点前瞻

当前环境出现异常，需完成验证后方可继续访问。

CrowdStrike 软件更新导致主机宕机、多类服务中断，如何发现？

捆绑某VPN安装程序红队测试样本分析

当前环境出现异常问题，需完成验证后方可继续访问。

Earlier this year, Microsoft published a study exposing a sweeping campaign involving the distribution of infostealers—malicious software designed to exfiltrate user data. According to the report, over one million devices were compromised, with the...

The post Piracy’s Hidden Cost: FMovies Linked to Massive Infostealer Campaign Compromising 1 Million+ Devices appeared first on Penetration Testing Tools.