Aggregator
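Update Now: Proton Authenticator Releases New Version Fixing Vulnerability That Logged Keys in Plaintext
The Threat Posed to Us by India's Military Drone Strategy and Recommendations for Our Response
Analysis of the Development of Vietnam's Military Drone Strategy, 2020–2025
Philippine Drones Surveil the South China Sea: Is the United States the Driving Force Behind Them?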
The Telecom Threat: Liminal Panda’s Covert Campaign Targets Southeast Asian Critical Infrastructure
Experts at Palo Alto Networks’ Unit 42 have uncovered a new cyber-espionage campaign targeting the telecommunications sector in Southeast Asia. At the heart of these operations lies a threat actor identified as CL-STA-0969, closely...
The post The Telecom Threat: Liminal Panda’s Covert Campaign Targets Southeast Asian Critical Infrastructure appeared first on Penetration Testing Tools.
The Dark Side of Recall: Microsoft’s AI Feature is Still Capturing Sensitive Data and Poses Grave Security Risks
In the autumn of 2024, Microsoft reintroduced a controversial feature in Windows called Recall—an artificial intelligence system that periodically captures screenshots, allowing users to later search through their entire on-screen activity. Marketed as a...
Plague Backdoor: New Linux Malware Infiltrates Authentication Stack, Evading Detection for a Year
For nearly a year, a malicious module known as Plague evaded detection by Linux security solutions, despite its active proliferation and deep entrenchment within one of the system’s most critical components—the authentication stack. Its...
Mozilla Warns Firefox Extension Developers of New Phishing Campaign Targeting AMO Accounts
Mozilla has issued a stark warning to Firefox extension developers regarding a new phishing campaign targeting their accounts on the official AMO platform (addons.mozilla.org). This ecosystem encompasses over 60,000 extensions and more than half...
AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer
A malicious package discovered in the NPM ecosystem by researchers at Safety turned out to be far more than a simple trojan for cryptocurrency theft—it stood as a striking example of an attack orchestrated...
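Baize Vulnerability Governance Agent: Exploring LLM Project-Level Code Security Capabilities (Part 1): An Evaluation Framework for Secure Code Generation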
The Infostealer Epidemic: Cybercrime Surges 800% in 2025, Fueled by Stolen Digital Identities
Cyberattacks in the first half of 2025 have accelerated to a terrifying new pace. From credential theft and ransomware assaults to leaks of sensitive information and mass session hijackings, nearly every metric in Flashpoint’s...
JVN: Vulnerability in Mitsubishi Electric GENESIS64, MC Works64, and GENESIS in Which Multiple Services Are Assigned Higher Privileges Than Necessary at Execution Time
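Attackers Abuse Link-Wrapping Services to Steal Microsoft 365 Logins
A threat actor has been abusing link-wrapping services from technology companies to mask malicious links that lead to Microsoft 365 phishing pages that collect login credentials.
From June through July, the attacker exploited the URL security features of cybersecurity company Proofpoint and cloud communications company Intermedia. Some email security services include a link-wrapping feature that rewrites URLs in a message to a trusted domain and passes them through a scanning server to block malicious destinations.
Legitimizing Phishing URLs
Cloudflare's email security team found that the attacker legitimized the malicious URLs after compromising email accounts protected by Proofpoint and Intermedia, and likely used that unauthorized access to distribute the "laundered" links.
The researchers found that the attacker abused Proofpoint link wrapping in various ways, including multi-tiered redirect abuse with URL shorteners via compromised accounts.
The attacker added a layer of obfuscation by first shortening the malicious link before sending it from a protected account, after which the link was automatically wrapped. The attacker lured victims with fake voicemail notifications or shared Microsoft Teams documents. At the end of the redirect chain was a Microsoft Office 365 phishing page that collected credentials.
Microsoft 365 phishing email distributed using the link-wrapping feature
In the campaign abusing the Intermedia service, the threat actor sent emails posing as "Zix" secure message notifications to view a secure document, or impersonating Microsoft Teams notifications of a new message.
The link that allegedly led to the document was a URL wrapped by the Intermedia service, and it redirected to a fake page on Constant Contact, a digital and email marketing platform, which hosted the phishing page. Clicking the reply button in the fake Teams notification led to a Microsoft phishing page that collected login credentials.
Cloudflare researchers said that by disguising malicious destinations with legitimate email-protection URLs, the threat actor increased the chances of a successful attack. Notably, abusing legitimate services to deliver malicious payloads is nothing new, but exploiting the link-wrapping security feature is a recent development in the phishing landscape.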
Unmasked: ShadowSyndicate’s Global Ransomware Empire Blurs Lines Between Cybercrime and Geopolitical Espionage
The ShadowSyndicate infrastructure—also known by the alias Infra Storm—has come under intense scrutiny from cybersecurity professionals following its significant overlaps with some of the world’s most notorious ransomware operations. Active since mid-2022, the group...
APT37’s Stealthy RoKRAT Malware Uses Steganography in JPEGs to Evade Detection
Experts at the Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean threat group APT37. This latest iteration employs an unusually covert method of hiding...