Aggregator
IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. Tracked as CVE-2025-0164, the flaw stems from improper permission assignment and carries a CVSS 3.1 base score of 2.3 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Key Takeaways1. CVE-2025-0164 in QRadar SIEM v7.5–7.5.0 UP13 IF01 lets privileged […]
The post IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions appeared first on Cyber Security News.
Три года ожидания, две страны, один хакер. Суд решает, кто получит судьбу администратора RaidForums
全球人口正以更快的速度收缩
CISA at Risk After OIG Accuses it of Wasting Federal Funds
BlackNevas Ransomware Encrypts Files, Exfiltrates Corporate Data
Countries with most cyberattacks stopped highlighting global cyber defense efforts, including key regions in Asia-Pacific and North America. BlackNevas has released a comprehensive attack strategy spanning three major regions, with the Asia-Pacific area bearing the heaviest burden of attacks at 50% of total operations. The group’s primary targets in this region include major economies such as […]
The post BlackNevas Ransomware Encrypts Files, Exfiltrates Corporate Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
'Lies-in-the-Loop' Attack Defeats AI Coding Agents
Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online
The Great Firewall of China (GFW) suffered its largest-ever internal data breach. More than 500 GB of sensitive material—including source code, work logs, configuration files, and internal communications—was exfiltrated and published online. The breach stems from Geedge Networks and the MESA Lab at the Institute of Information Engineering, Chinese Academy of Sciences. The leaked archive […]
The post Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online appeared first on Cyber Security News.
Qilin
You must login to view this content
Qilin
You must login to view this content
DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments
DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents to deliver a multi-stage JavaScript-based payload. Upon opening the archive, victims execute a VBE script that leverages Windows Script Host to initiate a PowerShell downloader hidden in innocuous-seeming image files. […]
The post DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments appeared first on Cyber Security News.
LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a server by injecting malicious prompt templates. Tracked as CVE-2025-9556, this vulnerability arises from the use of the Gonja template engine, which supports Jinja2 syntax and can be manipulated to perform […]
The post LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft
The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and UNC6395—to breach Salesforce customer environments and siphon sensitive data. Coordinated with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS/CISA), the bulletin aims to equip security teams and […]
The post FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
上周关注度较高的产品安全漏洞(20250908-20250914)
CNVD漏洞周报2025年第35期
黑客滥用iCloud日历邀请发送钓鱼邮件 借苹果服务器绕过垃圾邮件过滤
黑客正滥用iCloud日历邀请功能,以苹果邮件服务器名义发送伪装成购买通知的回电钓鱼邮件。由于这类邮件直接发自苹果官方服务器,因此更有可能绕过垃圾邮件过滤器,直接进入目标用户的收件箱。
钓鱼邮件伪装成PayPal支付通知
本月初,一苹果用户在社交媒体上分享了一封可疑邮件:该邮件声称收件人的PayPal账户被扣除599美元,并提供了一个电话号码,称若需讨论付款事宜或进行修改可拨打联系。
邮件内容写道:“您好,客户。您的PayPal账户已被扣费599.00美元。我们特此确认已收到您最近的付款。” 后续补充道:“如您希望讨论或修改此笔付款,请拨打+1 (786) 902-8579联系我们的支持团队。如需取消,请拨打+1 (786) 902-8579。”
iCloud日历邀请用于网络钓鱼邮件
这类邮件的目的是欺骗收件人,使其误以为自己的PayPal账户遭盗用并被恶意扣费,进而恐吓收件人拨打骗子的“支持”电话。一旦拨通,骗子会进一步谎称收件人账户已被盗,或声称需要远程连接电脑协助办理退款,诱骗用户下载并运行恶意软件。
而在以往的类似骗局中,这种远程访问权限常被用于窃取银行账户资金、植入恶意软件或盗取电脑中的数据。
滥用iCloud日历邀请的技术细节
该邮件的诱饵内容虽属典型的回电钓鱼骗局,但异常之处在于其发件地址为“[email protected]”,且通过了SPF、DMARC和DKIM三项邮件安全验证——这意味着邮件确实发自苹果的官方服务器。
邮件验证结果显示:
Authentication-Results: spf=pass (sender IP is 17.23.6.69)
smtp.mailfrom=email.apple.com; dkim=pass (signature was verified)
header.d=email.apple.com;dmarc=pass action=none header.from=email.apple.com;
从这封钓鱼邮件来看,它本质上是一封iCloud日历邀请:攻击者将钓鱼文本写入“备注”字段,然后向自己控制的一个Microsoft 365邮箱地址发送邀请。
当用户创建iCloud日历活动并邀请外部人员时,苹果服务器会以“[email protected]”为发件地址,以iCloud日历所有者的名义从email.apple.com发送邮件邀请。
文章举例获取的这封邮件中,邀请对象是一个Microsoft 365账户“[email protected]”。与此前利用PayPal“新地址”功能的钓鱼活动类似,这个被邀请的Microsoft 365邮箱实际是一个邮件列表——它会自动将收到的所有邮件转发给列表中的所有成员,而这些成员正是钓鱼骗局的目标。
通常情况下,若邮件最初发自苹果服务器,经Microsoft 365转发后会无法通过SPF验证。为避免这一问题,Microsoft 365会使用“发件人重写方案(SRS)”将“回复路径”重写为微软关联地址,从而使其通过SPF验证。例如:
原始回复路径:[email protected]
重写后回复路径:[email protected]
风险提示与平台回应
尽管这封钓鱼邮件的诱饵内容并无特别之处,但攻击者通过滥用iCloud日历邀请这一合法功能,并借助苹果邮件服务器及官方邮箱地址,为邮件增添了可信度,且因其发自可信来源,有可能绕过垃圾邮件过滤器。
若用户收到意外的日历邀请,且其中包含可疑信息,请务必保持警惕。截至目前苹果公司尚未就此事进行回复。
«С помощью танка сайт не отключишь». Хакеры теперь сражаются бок о бок с солдатами
情报每周回顾 2025-09-14
Phishing Campaigns Drop RMM Tools for Remote Access
New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm
Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. First documented on September 5 when a Sri Lankan food manufacturer fell victim, the threat actor behind Yurei adopted a double-extortion model: encrypting files while exfiltrating sensitive data for additional leverage. Within days, […]
The post New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm appeared first on Cyber Security News.