A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory execution techniques to bypass traditional disk-based detection mechanisms. The discovery, attributed to Shenzhen Tencent Computer […]
The post PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A month or so ago a friend of mine received the following message on Steam from someone in their Friends list (they were already friends):
Figure 1 - 'this is for you'
The two links are different and refer to a Gift Card on Steam's community platform. As you might have noticed, the domain is not related to Steam at all, but rather is an attempt at phishing.
The URLs are:
stermcormmunity[.]com/gift-card/
steamcoummuniity[.]com/gift-card/
The differences are subtle enough that you may just miss it. When you click on the link, you are redirected to a 'Summer Gift Marathon'.
Figure 2 - Fake Steam websiteOnce you log in to the fake Steam website, your credentials are stolen and will be used to spread more phishing, likely steal your inventory items and so on.
Other phishing sites related to this campaign are:
steam-pubgvn[.]top
steamauthconnection[.]store
steamcommnunity[.]com
steamcommunitay[.]com
steamcommunitfy[.]com
steamcommunitihy[.]icu
steamcommunitiny[.]com
steamcommunitweya[.]art
steamcommunl1ty[.]com
steamcommunllity[.]com
steamcommunty[.]ru
steamcommununity[.]cam
steamcommunutiy[.]com
steamcomnunityty[.]com
steamcomnunlity[.]com
steamcomnuty[.]com
steamcomrnnunlty[.]com
steamcomun1ty[.]com
steamcomuniry[.]com
steamconmunify[.]com
steamconnection[.]store
steamcornmunlty[.]ru
steamcornrnunlty[.]ru
steamlinks-short[.]com
stearncommunjty[.]com
stearncommunnity[.]com
stearncomnunity[.]com
stearncornnunity[.]com
steeamcommunitty[.]com
unevwsteeamcommunitty[.]com
New ones do pop up from time to time, so stay vigilant.
Tips Only log in on the legitimate Steam community website, this being https://steamcommunity.com/. An extra tip is to bookmark the legitimate site, so even if you do get a message like this, you can go straight to your bookmark and search what you need from there. If someone new tries to add you as a Friend and immediately sends a message like the above, alarm bells should start ringing. If someone already on your Friends list suddenly sends a random message with an even more random link out of the blue, cue the alarm bells again. If you want to check the website out in a safe manner, then you can use URLscan.io, which will give you a verdict of the website as well as an image preview. In addition, you can use VirusTotal to review a website's reputation. Note that an 'all clean' does not necessarily mean it is. Caution above all! Follow Steam's Account Security Recommendations to stay safe.
The post Steam Phishing: popular as ever appeared first on Security Boulevard.
Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI plugin that enables unauthenticated attackers to exhaust memory and potentially crash proxy nodes. Given ATS’s […]
The post CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin appeared first on Blog.
The post CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin appeared first on Security Boulevard.