Aggregator

Experts at the Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean threat group APT37. This latest iteration employs an unusually covert method of hiding...

The post APT37’s Stealthy RoKRAT Malware Uses Steganography in JPEGs to Evade Detection appeared first on Penetration Testing Tools.

本报告通过多源情报分析，剖析漏洞趋势、攻击链、行业影响，并提出全景防御框架，旨在为企业和相关机构提供全面、准确的漏洞信息，助力其制定有效的安全防护策略。

微软Windows系统中存在一个30年的漏洞，涉及文件属性显示功能：当用户缺乏“读取扩展属性”权限时，“Properties” shell扩展无法正确显示安全提示信息（如“此文件来自其他计算机”），尽管这并不影响数据流的读取。

A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2025-8495. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Mocca Calendar up to 2.14 on XWiki. This issue affects some unknown processing. The manipulation of the argument text color leads to cross site scripting. The identification of this vulnerability is CVE-2025-52131. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenNebula Community Edition and Enterprise Edition up to EE 6.10.2/CE 6.x and classified as problematic. This issue affects some unknown processing of the component JSON Web Token Handler. The manipulation leads to race condition. The identification of this vulnerability is CVE-2025-54955. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in NVIDIA GPU Display Driver R535/R570/R575 on Windows and classified as problematic. This vulnerability affects unknown code. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability was named CVE-2025-23287. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in NVIDIA GPU Display Driver R535/R570/R575 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is known as CVE-2025-23288. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in NVIDIA GPU Display Driver R570. It has been declared as critical. This vulnerability affects unknown code of the component Virtual GPU Manager. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-23284. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as critical was found in NVIDIA GPU Display Driver R535/R570. Affected by this vulnerability is an unknown functionality of the component Virtual GPU Manager. The manipulation leads to incorrect permission assignment. This vulnerability is known as CVE-2025-23285. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in NVIDIA GPU Display Driver R535/R570. Affected by this issue is some unknown functionality of the component Virtual GPU Manager. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-23290. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.3. It has been classified as problematic. This affects the function smb2_sess_setup of the file fs/ksmbd/smb2pdu.c of the component ksmbd. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-32255. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.3. It has been declared as problematic. This vulnerability affects unknown code of the file fs/ksmbd/auth.c of the component ksmbd. The manipulation leads to denial of service. This vulnerability was named CVE-2023-32253. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Perplexity AI 被指无视网站规则抓取内容，并通过变换 UA 和 ASN 绕过防火墙和屏蔽。Cloudflare 研究证实其行为后将其从验证机器人列表中移除，但 Perplexity 否认指控并指责 Cloudflare 推销服务。

HackerNews 编译，转载请注明出处： 华盛顿州贝灵汉市的放射诊疗机构西北放射医学中心（Northwest Radiologists）向约35万名当地居民发出通知，称其个人信息在数据泄露事件中遭泄露。该机构表示，事件发生于2025年1月25日，当日部分系统遭遇“网络中断”。机构早在3月首次披露事件时已指出，受影响系统存储的受保护健康信息（PHI）可能被波及。 此次最新通报确认，攻击者在1月20日至25日期间侵入其网络，并获取了受影响系统中的数据。泄露信息涵盖患者姓名、住址、电话号码、电子邮箱、出生日期、社会安全号码、驾照号码、政府身份证件号码、诊断及治疗细节、健康保险信息、财务与银行数据等。 该机构称已加强系统安全防护，防止类似事件重演，并向受影响个体提供免费信用监控与身份保护服务。西北放射医学中心向华盛顿州总检察长办公室通报称，共有348,118名该州居民受此次攻击影响。由于该机构在阿拉斯加州也开展业务，且事件尚未列入美国卫生与公众服务部违规通报平台，其他州居民是否受影响尚不明确。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章介绍了HTTP错误代码521的含义及其常见原因。该错误通常由Cloudflare引发，表示服务器无法响应请求。常见原因包括服务器过载、配置错误或网络连接问题。

HackerNews 编译，转载请注明出处： 网络安全公司CTM360发现代号“ClickTok”的新型全球恶意软件活动，通过仿冒TikTok店铺传播SparkKitty间谍软件窃取加密货币资金。该间谍木马专门针对TikTok Shop全球用户设计，采用结合钓鱼与恶意软件的混合诈骗模式，欺骗平台买家及联盟计划参与者。ClickTok活动中发现的SparkKitty间谍软件与卡巴斯基此前披露的SparkCat变种高度相似，安装后渗透用户设备、访问相册并提取含加密货币钱包凭证的截图。其独特之处在于同时运用钓鱼与恶意软件技术，大幅提升攻击效果与隐蔽性。 诈骗始于仿冒TikTok商业生态（含TikTok Shop、TikTok Wholesale、TikTok Mall）。攻击者创建界面高度仿真的虚假网站诱导用户登录购物。结算环节强制要求加密货币支付，用户完成付款后，内置SparkKitty的木马化应用开始窃取设备敏感数据（包括通过读取截图获取钱包凭证），最终盗取数字资产。CTM360已完成ClickTok诈骗深度分析并发布完整报告。 攻击者核心目标分为两方面： 钓鱼网站：通过Meta广告分发虚假店铺链接，诱导用户输入登录凭证、支付信息及卖家资料并静默窃取。 木马化应用：移动端诱导用户安装携带SparkKitty的篡改版TikTok应用，该间谍软件具备深度设备监控、剪贴板窃取及凭证盗用能力。这些伪造应用界面与正版完全一致，使用户误认操作合法应用的同时在后台窃取数据。 诈骗团伙利用AI生成虚假视频及Meta广告扩大传播范围，将用户导向精心伪造的域名（形似真实TikTok网址）。截至目前CTM360已发现：超10,000个仿冒TikTok网站（多采用.top/.shop/.icu等廉价顶级域）；超5,000个恶意应用实例（通过二维码/通讯应用/应用内下载传播）；诈骗活动不仅仿冒TikTok Shop，还涉及TikTok Wholesale与TikTok Mall。 ClickTok活动通过伪造TikTok Shop登录页面窃取用户凭证，并通过木马化应用实施账户劫持。其采用替代支付架构排除传统银行卡交易，强制要求加密货币钱包付款。受害者常被诱导向伪造的TikTok钱包或泰达币（USDT）、以太币（ETH）等加密货币充值。 CTM360建议用户与机构保持警惕并采取以下防护措施： 避免下载来源不明的修改版/破解版软件（尤其警惕种子站与Telegram渠道） 输入登录或支付信息前务必手动核对域名真实性，检查拼写错误及可疑后缀 向TikTok或本国网络安全部门举报可疑内容 品牌方应借助威胁情报平台持续监测品牌滥用与仿冒趋势 部署强效杀毒或终端防护（EDR）方案预防SparkKitty入侵 加密货币用户应选用具备剪贴板保护机制的钱包       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

由于您未提供具体的文章内容，请提供相关文本以便我为您进行总结。

流媒体音乐平台 Spotify 宣布在全球多个地区提高订阅费用，欧洲部分市场的价格从每月 10.99 欧元上涨至 11.99 欧元。尽管分析师建议更频繁地涨价以增加收入，但 Spotify CEO 表示优先考虑长期留住订阅者而非短期收益。美国市场保持稳定，而其他地区如南亚、中东等则频繁调整价格。

Chief information security officers (CISOs) are continually tasked with understanding and deploying innovative solutions that reduce risk while increasing operational efficiency. As organizations expand their reliance on digital data and cloud-based infrastructures, the volume and complexity of security questionnaires have grown exponentially. In this environment, modernizing and streamlining these questionnaires is not simply about efficiency; […]

The post 2025 trends: Automating security questionnaires with open APIs first appeared on TrustCloud.

The post 2025 trends: Automating security questionnaires with open APIs appeared first on Security Boulevard.