Aggregator
Data brokers are exposing medical professionals, and turning their personal lives into open files
Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows how much data about doctors appears online and how easily it can be found. The findings should concern healthcare leaders who support staff safety, workforce protection, and clinical operations.
Doctors have searchable profiles
Researchers examined 786 medical doctors working in major U.S. hospitals. 97% of them appeared on at least one people search site. …
The post Data brokers are exposing medical professionals, and turning their personal lives into open files appeared first on Help Net Security.
New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer
Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in IoT and cloud-targeted threats. The malware, dubbed V3G4 by Cyble Research Intelligence Labs, employs a multi-stage infection chain designed to compromise Linux servers and IoT devices across multiple architectures while […]
The post New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer appeared first on Cyber Security News.
In-the-wild exploitation captured! React vulnerability triggers unconditionally and can be detected with generic rules
New infosec products of the week: December 5, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind.
BlackFog releases ADX Vision to block data loss from unapproved AI use
BlackFog announced the availability of its newest solution, ADX Vision. Designed to secure every endpoint and every LLM interaction, ADX Vision gives organizations the visibility and control needed to manage AI securely. Operating directly on the device, it detects shadow AI …
The post New infosec products of the week: December 5, 2025 appeared first on Help Net Security.
JVN: Weak password recovery vulnerability in MAXHUB Pivot
JVN: Multiple vulnerabilities in multiple Johnson Controls products
JVN: Multiple vulnerabilities in multiple Sunbird products
JVN: Authorization check bypass via user identifier manipulation vulnerability in SolisCloud Monitoring Platform
"ChatGPT told me it was okay": guy recorded a podcast, chatted with the bot and went off to ruin lives
[CVE-2025-64513] Milvus Proxy authentication bypass vulnerability: analysis and reproduction
5.5 million light-years of rotating cosmos. Astronomers have found one of the largest objects in the Universe, with 14 galaxies inside
Domain penetration: Delegation
China-Nexus Hackers Actively Exploiting React2Shell Vulnerability (CVE-2025-55182) in the Wild
China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attacker run code on the server without logging in. Early scans show broad probing of internet-facing React and Next[.]js apps, with a focus on high-value […]
The post China-Nexus Hackers Actively Exploiting React2Shell Vulnerability (CVE-2025-55182) in the Wild appeared first on Cyber Security News.
Space Bears
BlackHat MEA CTF Final 2025
Date: Dec. 2, 2025, 8 a.m. — 04 Dec. 2025, 15:00 UTC
Format: Jeopardy
On-site
Location: Riyadh
Official URL: https://blackhatmea.com/capture-the-flag
Rating weight: 22.50
Event organizers: SAFCSP
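Android TV YouTube client SmartTube compromised, malicious update force-pushed
SmartTube, an open-source YouTube client for the Android TV platform, has been confirmed as compromised: after obtaining the developer's digital signing key, attackers pushed an update package containing malicious code to users.
The incident came to light through reports from multiple users: Google Play Protect, Android's built-in antivirus module, blocked SmartTube on some devices and warned users of a security risk.
The SmartTube developer confirmed that the digital signing key was stolen last weekend, which led to malware being injected into the app. The old signature has been revoked, and the developer said a new version using a separate app ID will be released as soon as possible, urging users to upgrade to that secure version.
As one of the most-downloaded third-party YouTube clients on Android TV, Fire TV, Android TV boxes and similar devices, SmartTube owes its popularity to being free, to its ad blocking, and to running smoothly on low-powered devices.
A reverse engineer who analyzed the compromised version 30.51 found that it contains a hidden native library named libalphasdk.so ([VirusTotal detection link]). Because the library does not appear in the public source code, it is presumed to have been maliciously injected during the release build process.
The developer said: "This is most likely malware. The file is not part of any SDK in use, and its presence in the APK is completely unexpected and highly suspicious. Until its origin is verified, users are advised to remain cautious."
According to the analysis, the malicious library runs silently in the background and, with no user interaction, fingerprints the device, registers it with a remote server, and periodically sends device metrics and retrieves configuration instructions over an encrypted communication channel. Although no malicious behavior such as account theft or participation in a DDoS botnet has been observed so far, the attackers could use the module to launch such attacks at any time, so the potential risk is very high.
Although the developer has announced on Telegram the release of a secure beta and a stable test build, these versions have not yet been synced to the project's official GitHub repository. In addition, the developer has not disclosed full details of the incident, which has caused a crisis of trust among users. SmartTube said that once the new version of the app is officially listed on the F-Droid app store, it will fully address all related questions.
Until the developer publicly discloses full details of the incident in a detailed post-mortem report, security experts advise users to stay on an older version verified as safe, avoid signing in with premium accounts, and turn off automatic updates; affected users should reset their Google account password, check the account console for unauthorized access, and remove unfamiliar linked services.
To ensure complete safety, SmartTube has switched to a new signing key starting with version 30.55. The 30.47 Stable v7a build shows a different hash, possibly the result of an attempt to restore that version after cleaning the infected system.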
Like a Rolex, only for the ears. Now wealthy seniors are showing off hearing aids that cost $6800
ChromeAlone: Stealthy Browser Implant Steals Sessions and Phishes for YubiKeys
ChromeAlone is a browser implant that can be used in place of conventional implants like Cobalt Strike or
The post ChromeAlone: Stealthy Browser Implant Steals Sessions and Phishes for YubiKeys appeared first on Penetration Testing Tools.
GoldFactory Malware Injects FriHook/SkyHook into Banking Apps to Exploit 11K SE Asia Users
The GoldFactory group has launched a new wave of attacks targeting mobile-banking users across Southeast Asia. Disguising themselves
The post GoldFactory Malware Injects FriHook/SkyHook into Banking Apps to Exploit 11K SE Asia Users appeared first on Penetration Testing Tools.