Aggregator

当前网络环境异常，请完成验证后继续访问。

文章介绍了一种新型钓鱼工具包Salty2FA，该工具可绕过多重双因素认证方法，对企业账户构成威胁。已在美国和欧盟的金融、能源等行业中发现其活动踪迹。该工具利用多阶段攻击链和规避基础设施窃取凭证和2FA代码。企业需加强MFA策略、员工培训和行为检测以应对威胁。

Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.  Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at

Salesloft has announced the restoration of its integration with Salesforce following the incident linked to the Drift platform

The post Salesloft Restores Salesforce Integration After GitHub & AWS Breach appeared first on Penetration Testing Tools.

At the end of August, GreyNoise recorded a sharp surge in scanner activity targeting Cisco ASA devices. Experts

The post Warning: Massive Botnet Is Scanning for Cisco ASA Vulnerabilities appeared first on Penetration Testing Tools.

Researchers at FortiGuard Labs have documented a new campaign deploying the MostereRAT remote access trojan, which targets Windows

The post MostereRAT: The New Trojan Using Legitimate Tools to Attack appeared first on Penetration Testing Tools.

Perforce Software has expanded its software testing and synthetic data offerings with the introduction of AI-powered synthetic data generation. Delphix AI introduces a new language model embedded into the Delphix DevOps Data Platform, allowing teams to automatically deliver synthetic data across the development lifecycle. Uniting data masking, data delivery, and synthetic data generation in a single platform, and boosting it with AI, Delphix provides an enterprise-grade solution for DevOps acceleration, privacy compliance, and AI/ML model … More →

The post Perforce expands DevOps Data Platform with AI-driven synthetic data generation appeared first on Help Net Security.

Researchers at Silent Push have uncovered infrastructure linked to the Chinese cyber-espionage groups Salt Typhoon and UNC4841. The

The post Salt Typhoon: New Evidence Reveals Years of Chinese Cyber-Espionage appeared first on Penetration Testing Tools.

文章探讨了卫星技术如何推动去中心化互联网的发展，通过Starlink和DePIN项目实现更安全、高效的网络连接，并利用量子密钥分发等技术提升安全性。

The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business

Researchers at Arctic Wolf have reported a new campaign, dubbed GPUGate, in which adversaries exploit Google Ads and

The post GPUGate: The Supply Chain Attack That Hides Malware in Plain Sight appeared first on Penetration Testing Tools.

这篇文章探讨了AI搜索引擎市场的增长与竞争格局，指出Google在该领域的主导地位及其技术优势，并分析了新兴技术对现有市场格局的潜在影响。

An independent researcher named Alexander Popov has unveiled a novel exploitation technique for a critical Linux kernel vulnerability,

The post A Pwnie-Winning Exploit Shows How to Hack the Linux Kernel appeared first on Penetration Testing Tools.

微软9月修复了80个漏洞，包括两个零日漏洞和一个严重远程代码执行漏洞。其中两个零日分别影响Windows SMB Server和SQL Server的 Newtonsoft.Json组件。最严重的是HPC Pack中的远程代码执行漏洞（CVSS 9.8），可能被蠕虫利用。微软建议采取安全措施以应对这些风险。

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws. Microsoft Patch Tuesday security updates for September 2025 addressed 80 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup – Xbox!). Eight of the […]

At least eighteen widely used JavaScript packages on NPM—with a combined weekly download volume exceeding two billion—were briefly

The post Phishing Attack Compromises 18 Popular NPM Packages appeared first on Penetration Testing Tools.

文章讨论了犯罪在电视剧中常常得逞的现象，并列举了8部相关剧集，探讨虚构世界中犯罪行为的成功及其对现实的启示。

Xage Security has released zero trust platform designed to secure AI environments. Built on the same proven zero trust principles Xage uses to protect critical infrastructure, the platform delivers control over AI data access, tool usage, and multi-agent workflows, eliminating jailbreak risks and ending AI adoption anxiety. As the race to adopt AI continues, so too does the fear of unintended consequences, like rogue AI behavior and sensitive data leaks. Organizations want the competitive edge … More →

The post Xage Fabric prevents unauthorized access and sensitive data exposure appeared first on Help Net Security.

DeepProbe 是一个开源工具框架，用于自动化内存取证分析。它结合 Volatility 框架和专家检测逻辑，通过预定义基线和关联异常信号生成可操作的结果。该工具支持多种操作系统内存分析，并提供与 MITRE ATT&CK 战术映射的检测类别，帮助分析师快速识别攻击行为并减少误报。

DNS欺骗通过伪造域名解析将用户引导至仿冒网站，窃取敏感信息。该攻击隐蔽性强，用户难以察觉。