Aggregator

“Phrack是否就此消失？”2000年10月，有读者在Slashdot发帖感叹：“这个黑客传统的消逝令人惋惜。”

Phrack的纯文本还将传承那份探索与自由的黑客精神。正如第31期所言：“无论名为何物，Phrack承载的是我们的黑客历史和初心。”这盏灯塔的光芒，将永远照亮技术世界的每一个角落。

A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named set-utils, designed to steal Ethereum private keys by exploiting commonly used account creation functions. This package masquerades as a utility for Python sets, mimicking popular libraries like python-utils and utils, thereby deceiving developers into installing it. Since its release it […]

The post New PyPI Malware Targets Developers to Steal Ethereum Wallets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code execution (RCE) vulnerability in PHP-CGI on Windows systems. This vulnerability, identified as CVE-2024-4577, allows attackers to execute arbitrary PHP code on servers using Apache with a vulnerable PHP-CGI setup. The attackers are primarily targeting organizations in Japan across various sectors, […]

The post Threat Actors Exploit PHP-CGI RCE Vulnerability to Attack Windows Machines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Explore the evolution of Single Sign-On for autonomous AI agents, focusing on securing non-human identities and the future of agentic automation security.

The post The Evolution of Single Sign-On for Autonomous AI Agents: Securing Non-Human Identities in the Age of Agentic Automation appeared first on Security Boulevard.

In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures, making it a formidable threat in the cybersecurity landscape. Background and Modus Operandi Akira, a […]

The post Akira Ransomware Targets Windows Servers via RDP and Evades EDR with Webcam Trick appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Communications Data Group Falls Victim to Qilin Ransomware

In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a […]

The post North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a recent alert, Microsoft revealed a large-scale malvertising campaign that has compromised nearly one million devices worldwide. This campaign, which began in early December 2024, leverages malicious redirects from illegal streaming websites to deliver malware hosted on platforms like GitHub. The attack is notable for its indiscriminate targeting, affecting both consumer and enterprise devices […]

The post Microsoft Warns: 1 Million Devices Infected by Malware from GitHub appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Arabian Ghosts Targeted the Website of B Communications Ltd

Чип Ocelot позволит компьютерам будущего работать на максимум.

KOPTEL Allegedly Hit by Data Breach, Database & Source Code for Sale

A vulnerability was found in Unifiedtransform 2.x and classified as critical. Affected by this issue is some unknown functionality of the component Syllabus Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-25617. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in truefoundry cognita and classified as critical. Affected by this vulnerability is an unknown functionality of the file /v1/internal/upload-to-local-directory of the component Environment Variable Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-27519. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in truefoundry cognita. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-27518. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

细数开发过程中那些不安全的安全防护方式 by tuhao

更多最新文章，请访问SecWiki