Aggregator

Новая ошибка в коде позволяет удаленно запускать команды на серверах без ввода пароля.

Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A network-level disruption struck multiple Microsoft 365 services on Wednesday evening, knocking out or degrading access to Exchange Online, Microsoft Teams, and the broader Microsoft 365 suite for users across affected regions. The incident, tracked under issue ID MO1274150, began at approximately 8:37 PM IST (3:07 PM UTC) on April 8, 2026, and prompted Microsoft’s […]

The post Microsoft 365 Network-Level Disruption Affecting Exchange Online, Teams, and Core Suite Services appeared first on Cyber Security News.

Two significant threat campaigns from March 2026, one abusing Microsoft’s OAuth authentication flow to silently hijack enterprise accounts, and another deploying the AMOS infostealer against macOS users who work with AI development tools like Claude Code. The EvilTokens campaign represents a significant evolution in phishing tactics because it completely bypasses the need to steal passwords. […]

The post Hackers Used EvilTokens, ClickFix Campaign to Attack Claude Code Users with AMOS Stealer appeared first on Cyber Security News.

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.

钓鱼即服务（Phishing-as-a-Service，简称 PhaaS），是网络犯罪领域成熟的商业化模式，攻击者无需掌握复杂的技术开发能力，只需付费购买平台服务，即可快速发起大规模钓鱼攻击。

美国和伊朗达成了为期两周的停火，停火期间想要通过霍尔木兹海峡的油轮需要支付过路费，费用为每桶石油一美元，如果油轮空载则可以免费通行。通行费用的支付方式是数字货币。伊朗称，每艘油轮必须通过电子邮件向其报告货物情况，之后伊朗将告知他们支付比特币，油轮只有几秒钟的时间进行支付，伊朗官员表示此举旨在确保支付的款项不会因制裁而被追踪或没收。

Проект Glasswing: разработчики спешно укрепляют серверы, пока мир не захватили боевые нейросети.

Submit #788298 / VDB-356263

Submit #787861 / VDB-355436

Submit #787698 / VDB-356262

Submit #787686 / VDB-356261

Submit #787684 / VDB-353956

Submit #787683 / VDB-353980

Submit #787682 / VDB-353972

Submit #787681 / VDB-353979