Aggregator

钓鱼文件的“视觉欺骗”

先知技术社区
12 hours 44 minutes ago
在社会工程学(社工)钓鱼攻击中,通过视觉欺骗“伪造”文件名称后缀是一种常见的手法,其主要目的是误导受害者,让他们误以为文件是安全无害的,从而点击打开或执行该文件。这种技术利用了人们对文件类型和扩展名的信任,以及对特定格式文件的熟悉度来掩盖恶意内容的真实性质。

CVE-2025-62923 | Debuggers Studio Marquee Addons for Elementor Plugin up to 3.7.12 on WordPress cross site scripting

VulDB Recent Entries
12 hours 44 minutes ago
A vulnerability described as problematic has been identified in Debuggers Studio Marquee Addons for Elementor Plugin up to 3.7.12 on WordPress. This issue affects some unknown processing. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-62923. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-62921 | Pagup Bulk Auto Image Title Attribute Plugin up to 2.0.1 on WordPress cross site scripting

VulDB Recent Entries
12 hours 44 minutes ago
A vulnerability marked as problematic has been reported in Pagup Bulk Auto Image Title Attribute Plugin up to 2.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-62921. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-62912 | SiteGround Email Marketing Plugin up to 1.7.1 on WordPress cross site scripting

VulDB Recent Entries
12 hours 45 minutes ago
A vulnerability categorized as problematic has been discovered in SiteGround Email Marketing Plugin up to 1.7.1 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-62912. The attack may be launched remotely. There is no exploit available.
vuldb.com

3000 个 YouTube 视频实为恶意软件陷阱

HackerNews
12 hours 49 minutes ago
HackerNews 编译,转载请注明出处: 一个恶意YouTube账号网络被曝光,该网络通过发布和推广诱导用户下载恶意软件的视频,滥用了这一视频托管平台的普及度和用户信任来传播恶意负载。 该网络自2021年开始活跃,迄今已发布了超过3000个恶意视频,且自今年年初以来此类视频数量增加了两倍。Check Point将其命名为”YouTube幽灵网络”。谷歌已介入移除了其中大部分视频。 该活动利用被黑客入侵的账号,将其内容替换为以盗版软件和Roblox游戏作弊工具为中心的”恶意”视频,从而感染那些搜索这些内容而不幸中招的用户,使其感染信息窃取程序。其中一些视频的观看量高达数十万次,范围在14.7万到29.3万之间。 “这次行动利用了包括观看量、点赞和评论在内的信任信号,使恶意内容看起来安全,” Check Point 安全研究组经理 Eli Smadja 说。”看似有用的教程,实际上可能是一个精巧的网络陷阱。这个网络的规模、模块化和复杂程度,为威胁行为体如何武器化互动工具来传播恶意软件提供了一个蓝图。” 利用YouTube分发恶意软件并非新现象。多年来,威胁行为体一直被观察到劫持合法频道或使用新创建的账号发布教程式视频,并在描述中提供恶意链接,点击后会导致恶意软件感染。 这些攻击是更广泛趋势的一部分,攻击者将合法平台重新用于邪恶目的,将其变为有效的恶意软件分发渠道。虽然一些活动滥用了与谷歌或必应等搜索引擎相关的合法广告网络,但其他活动则利用GitHub作为传播载体,例如”Stargazers幽灵网络”案例。 “幽灵网络”能够大行其道的主要原因之一是,它们不仅可用于放大所分享链接的感知合法性,而且由于其基于角色的结构,即使在账号被平台所有者封禁或删除后,仍能保持运营连续性。 “这些账号利用各种平台功能,如视频、描述、帖子和评论来推广恶意内容并分发恶意软件,同时制造一种虚假的信任感,”安全研究员 Antonis Terefos 表示。 “该网络大部分由被入侵的YouTube账号组成,这些账号一旦被纳入,就会被分配特定的操作角色。这种基于角色的结构实现了更隐蔽的分发,因为被禁账号可以迅速被替换,而不会中断整体运营。” 具体存在三种类型的账号: 视频账号:上传诱导性视频,并在描述中提供下载所宣传软件的链接(或者,链接以置顶评论的形式分享,或直接在视频中作为安装过程的一部分提供)。 帖子账号:负责发布包含外部网站链接的社区消息和帖子。 互动账号:负责点赞和发布鼓励性评论,为视频披上信任和可信度的外衣。 这些链接将用户引导至各种服务,如MediaFire、Dropbox或Google Drive,或托管在Google Sites、Blogger和Telegraph上的钓鱼页面,这些页面进而包含下载所谓软件的链接。在许多情况下,链接使用URL缩短器进行隐藏以掩盖真实目的地。 通过YouTube幽灵网络分发的一些恶意软件家族包括Lumma Stealer、Rhadamanthys Stealer、StealC Stealer、RedLine Stealer、Phemedrone Stealer以及其他基于Node.js的加载器和下载器: 一个名为 @Sound_Writer(拥有9690名订阅者)的频道,被入侵超过一年,用于上传加密货币软件视频以部署Rhadamanthys。 一个名为 @Afonesio1(拥有12.9万名订阅者)的频道,在2024年12月3日和2025年1月5日被入侵,上传了一个宣传Adobe Photoshop破解版的视频,用于分发一个MSI安装程序,该安装程序会部署Hijack Loader,进而传递Rhadamanthys。 “恶意软件分发方法的持续演变,表明了威胁行为体在绕过传统安全防御方面卓越的适应性和资源丰富性,” Check Point 表示。”对手正越来越多地转向更复杂的、基于平台的策略,最显著的是部署’幽灵网络’。” “这些网络利用合法账号固有的信任以及流行平台的互动机制,来策划大规模、持久且高效的恶意软件活动。”   消息来源:thehackernews; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2025-62900 | WeblineIndia Popular Posts Plugin up to 1.1.1 on WordPress cross site scripting

VulDB Recent Entries
12 hours 50 minutes ago
A vulnerability has been found in WeblineIndia Popular Posts Plugin up to 1.1.1 on WordPress and classified as problematic. The affected element is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-62900. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-62898 | Maarten Links shortcode Plugin up to 1.8.3 on WordPress links-shortcode cross site scripting

VulDB Recent Entries
12 hours 52 minutes ago
A vulnerability, which was classified as problematic, was found in Maarten Links shortcode Plugin up to 1.8.3 on WordPress. Impacted is the function links-shortcode. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-62898. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-62894 | magicoders ACF Recent Posts Widget Plugin up to 5.9.3 on WordPress cross site scripting

VulDB Recent Entries
12 hours 52 minutes ago
A vulnerability, which was classified as problematic, has been found in magicoders ACF Recent Posts Widget Plugin up to 5.9.3 on WordPress. This issue affects some unknown processing. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-62894. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-62891 | Jory Hogeveen Off-Canvas Sidebars & Menus Plugin up to 0.5.8.5 on WordPress cross-site request forgery

VulDB Recent Entries
12 hours 52 minutes ago
A vulnerability classified as problematic was found in Jory Hogeveen Off-Canvas Sidebars & Menus Plugin up to 0.5.8.5 on WordPress. This vulnerability affects unknown code. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2025-62891. The attack can be executed remotely. There is not any exploit available.
vuldb.com

Managed ad