Aggregator

研究人员发现了一种新的安卓银行木马HOOK变种，其特点是能够显示全屏勒索覆盖层以胁迫受害者支付赎金。该恶意软件可远程控制设备，包括发送短信、截屏、拍照及窃取加密货币钱包信息。HOOK通过钓鱼网站和伪造GitHub仓库传播，并结合间谍ware和勒索ware战术，对金融机构和个人构成威胁。

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment," Zimperium zLabs researcher Vishnu Pratapagiri

Data I/O has revealed operational disruption following a ransomware breach that forced it to take some systems offline

Matrix社区重启周报，热议Mac游戏体验及夏日驱蚊产品选择。用户分享Mac游戏体验与限制，探讨驱蚊产品效果与使用建议，并推荐便携折叠钱包与米家便携即热饮水机等新玩意。

欧盟《网络弹性法案》旨在提升软件安全性。专家Emily Fox和Roman Zhukov分享了在开源软件领域教育监管机构和项目的实践经验，并致力于制定安全基线，帮助项目维护者专注开发。

英特尔周一警告，美国政府控制 10% 股份可能会在其它国家引发负面反应。美国政府上周与英特尔达成协议，将 88.7 亿美元的联邦芯片补贴变为投资，换取芯片巨人 10% 股份。然而英特尔 76% 的收入来自国际市场，其中中国的收入占到了英特尔总收入的 29%。英特尔在递交到证券监管机构的证券申报文件中警告，在美国政府持有部分股份之后，外国政府可能会英特尔施加额外监管，可能会阻止其它国家向其提供补贴，此举也可能限制其战略灵活性。

英特尔警告称，美国政府持有其10%股份可能在国际市场引发负面反应，尤其是中国占其收入29%。

Hyperbole通过夸张手法区分普通与非凡，使平凡变得壮丽，并探讨故事的可信度与作者背景。

文章探讨了DevOps实践中量化技术债务的方法与策略。技术债务分为狭义（代码、设计、测试等）与广义（流程管理、组织架构等）两类。作者从诊脉（快速定位明显债务）、破局（工具链与数据量化）、守城（可视化与文化融入）三阶段阐述解决方案，并提醒需集中攻坚、管理重塑及把握修复时机。

文章探讨了Hyperbole通过夸张手法提升故事可信度的方式，将平凡事物变得非凡。

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2024-8069 is a limited remote code execution with privilege […]

美国网络安全与基础设施安全局（CISA）将Citrix Session Recording和Git中的三个漏洞加入已知被利用的漏洞目录，涉及反序列化、权限管理和配置处理问题。这些漏洞可能导致远程代码执行或权限提升。CISA要求联邦机构于2025年9月前修复相关问题以防范攻击。

A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and corroborated by independent research tracking Oyster/Broomstick backdoor activity tied to trojanized admin tools distributed via […]

The post Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services appeared first on Cyber Security News.

Auchan теряет данные и лицо одновременно.

A vulnerability, which was classified as critical, was found in Salesforce Tableau Server up to 2023.3.18/2024.2.11/2025.1.2. Affected by this vulnerability is an unknown functionality of the component Flow Editor Module. Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-26497. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Salesforce Tableau Server up to 2023.3.18/2024.2.11/2025.1.2 and classified as critical. Affected by this issue is some unknown functionality of the component establish-connection-no-undo. Performing manipulation results in unrestricted upload. This vulnerability is known as CVE-2025-26498. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in oitcode samarium up to 0.9.6. It has been declared as problematic. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9422. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. This vulnerability is documented as CVE-2025-9424. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. This vulnerability is reported as CVE-2025-9425. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. This vulnerability appears as CVE-2025-9426. The attack may be performed from a remote location. In addition, an exploit is available.