Aggregator
CVE-2025-10188 | The Hack Repair Guys Plugin Archiver Plugin up to 2.0.4 on WordPress /wp-content bulk_remove cross-site request forgery
CVE-2025-10125 | Memberlite Shortcodes Plugin up to 1.4 on WordPress Shortcode row cross site scripting
RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Bots vs. humans? Why intent is the game-changer
In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not merely identifying bots, must become the new focus for cybersecurity teams. He explores how advanced AI agents and sophisticated bots blur the line between human and automated activity, and shares strategies for using intent-based detection to protect against fraud and malicious traffic.
The post Bots vs. humans? Why intent is the game-changer appeared first on Help Net Security.
Tencent AI's new narrative
CVE-2025-10143 | Catch Dark Mode Plugin up to 2.0 on WordPress Shortcode catch_dark_mode file inclusion (EUVD-2025-29676)
CVE-2025-9851 | Appointmind Plugin up to 4.1.0 on WordPress Shortcode appointmind_calendar cross site scripting (EUVD-2025-29675)
CVE-2025-9891 | User Sync Plugin up to 1.0.2 on WordPress mo_user_sync_form_handler cross-site request forgery (EUVD-2025-29672)
CVE-2025-10050 | Developer Loggers for Simple History Plugin up to 0.5 on WordPress enabled_loggers file inclusion (EUVD-2025-29674)
CVE-2025-9629 | USS Upyun Plugin up to 1.5.0 on WordPress uss_setting_page cross-site request forgery (EUVD-2025-29673)
Idle chatter (灌水)
Not DNA but habits. Not mutations but laws. Culture now dictates the rules of natural selection
Old file types, new tricks: Attackers turn everyday files into weapons
Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how attackers continue to adapt, making it harder for defenses to keep up. Living off the land to stay hidden: one of the most notable campaigns observed in Q2 2025 involved the XWorm remote access trojan.
The post Old file types, new tricks: Attackers turn everyday files into weapons appeared first on Help Net Security.
JVN: Vulnerability in OpenAM (OpenAM Consortium edition) leading to denial of service (DoS)
New phishing-as-a-service platform VoidProxy targets Microsoft 365 and Google accounts and bypasses third-party SSO protection
A new phishing-as-a-service (PhaaS) platform named VoidProxy has recently been discovered. It targets Microsoft 365 and Google accounts, and accounts protected by a third-party single sign-on (SSO) provider such as Okta are not spared either.
The platform uses adversary-in-the-middle (AitM) techniques to steal user credentials, multi-factor authentication (MFA) codes and session cookies in real time. VoidProxy was discovered by Okta's Threat Intelligence team, whose researchers describe it as scalable, highly evasive and technically sophisticated.
How a VoidProxy attack unfolds
1. Initial phishing email delivery: The attack begins with phishing emails sent from compromised accounts, many of them at email service providers such as Constant Contact, Active Campaign and NotifyVisitors. The email contains a shortened link; after clicking it, the user passes through several redirects before landing on the phishing site.
2. Disguising and shielding the malicious site: The phishing sites are hosted on cheap, disposable domains under TLDs such as .icu, .sbs, .cfd, .xyz, .top and .home, with Cloudflare hiding the real IP address. Visitors first encounter a Cloudflare CAPTCHA challenge, which both filters out bot and scanner traffic and lends the site an appearance of legitimacy; the platform also uses the Cloudflare Workers environment to filter traffic and load its pages.
Figure: the Cloudflare CAPTCHA step on the malicious site
3. Target selection and page display: Selected targets are shown a phishing page imitating the Microsoft or Google login screen; all other, non-targeted visitors are sent to a harmless generic "welcome" page, which lowers the chance that the site is noticed and reported.
4. Credential theft and SSO bypass: If the user enters credentials into the phishing form, the request is proxied through VoidProxy's AitM server to Google's or Microsoft's real servers.
Figure: a phishing page served by VoidProxy
For federated accounts that use an SSO service such as Okta, the user is redirected to a second-stage phishing page that imitates the Okta SSO login flow for Microsoft 365 or Google; those requests are likewise proxied to Okta's real servers.
5. Real-time data capture and session hijacking: VoidProxy's proxy server relays traffic between the victim and the legitimate service while capturing the username, password and MFA code in transit. When the legitimate service issues a session cookie, the platform intercepts it and stores a copy that the attacker can retrieve directly from VoidProxy's admin panel.
Figure: the VoidProxy admin panel
Protection measures and recommendations
Okta notes that users who have enabled phishing-resistant authentication such as Okta FastPass are protected against VoidProxy attacks and receive a warning that their account is under attack.
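Why phishing-resistant authentication holds up where a password plus an OTP does not: the authenticator signs the origin the browser actually loaded, so an assertion produced on the proxy's domain is useless at the real service. The following is an added illustration written for this page, not Okta, FastPass or WebAuthn code; the origins are assumed, and an HMAC with a shared key stands in for the real asymmetric signature because the origin check, not the signature algorithm, is the point.

```python
"""Origin-bound authentication versus an AitM proxy (constructed simulation)."""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example.com"     # assumed relying-party origin
PHISH_ORIGIN = "https://login.example.icu"  # assumed AitM proxy origin


class Authenticator:
    """Device-bound authenticator: signs the challenge together with the origin
    the browser reports, and cannot be told to lie about that origin."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # stand-in for a private key

    def verification_key(self) -> bytes:
        return self._key  # HMAC stand-in: the relying party holds the same secret

    def sign(self, challenge: bytes, browser_origin: str) -> dict:
        client_data = json.dumps(
            {"challenge": challenge.hex(), "origin": browser_origin}, sort_keys=True
        ).encode()
        digest = hashlib.sha256(client_data).digest()
        return {"client_data": client_data,
                "signature": hmac.new(self._key, digest, "sha256").digest()}


class RelyingParty:
    def __init__(self, origin: str, key: bytes) -> None:
        self.origin = origin
        self._key = key
        self._pending: set[bytes] = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending.add(challenge)
        return challenge

    def verify(self, assertion: dict) -> bool:
        data = json.loads(assertion["client_data"])
        challenge = bytes.fromhex(data["challenge"])
        if challenge not in self._pending:
            return False  # unknown or already-used challenge
        if data["origin"] != self.origin:
            return False  # signed for another origin: the AitM-resistance check
        digest = hashlib.sha256(assertion["client_data"]).digest()
        expected = hmac.new(self._key, digest, "sha256").digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False
        self._pending.discard(challenge)
        return True


def login(auth: Authenticator, rp: RelyingParty, browser_origin: str) -> bool:
    """One login. An AitM proxy relays the real challenge unchanged, but the
    browser's origin is the proxy's domain, and that is what gets signed."""
    challenge = rp.new_challenge()
    return rp.verify(auth.sign(challenge, browser_origin))


def aitm_rewrite_attempt(auth: Authenticator, rp: RelyingParty) -> bool:
    """The proxy captures an assertion made at the phishing origin and patches
    the origin field to the real one before forwarding it. The signature no
    longer covers the modified client data, so this fails as well."""
    challenge = rp.new_challenge()
    assertion = auth.sign(challenge, PHISH_ORIGIN)
    data = json.loads(assertion["client_data"])
    data["origin"] = rp.origin
    assertion["client_data"] = json.dumps(data, sort_keys=True).encode()
    return rp.verify(assertion)


if __name__ == "__main__":
    auth = Authenticator()
    rp = RelyingParty(RP_ORIGIN, auth.verification_key())
    print("direct login:", login(auth, rp, RP_ORIGIN))             # True
    print("login through AitM proxy:", login(auth, rp, PHISH_ORIGIN))  # False
    print("proxy rewrites origin:", aitm_rewrite_attempt(auth, rp))  # False
```

Contrast this with the password-and-OTP flow in steps 4 and 5 above: there, nothing the user submits is tied to the domain, so the proxy simply forwards it and collects the resulting cookie.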
The researchers recommend the following protections:
· Allow access to sensitive applications only from managed devices;
· Enable risk-based access controls;
· Use IP session binding for administrative applications;
· Require administrators to re-authenticate before performing sensitive actions.
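The last two recommendations address step 5 directly: a session cookie lifted through the proxy is replayed from the attacker's infrastructure, not from the address that completed login, and a fresh authentication requirement means the stolen cookie alone cannot drive a sensitive action. The block below is an added example written for this page, not VoidProxy, Okta or any vendor's code; the paths, the re-authentication window and the request log are constructed.

```python
"""IP session binding plus step-up re-authentication for an admin application,
evaluated over a constructed request log (added example, assumed policy values)."""
from dataclasses import dataclass

REAUTH_WINDOW_SECONDS = 300  # assumed: sensitive actions need an auth within 5 min
SENSITIVE_PATHS = {"/admin/users/delete", "/admin/sso/settings"}  # assumed paths


@dataclass
class Session:
    user: str
    bound_ip: str       # client IP recorded when the cookie was issued
    last_auth_at: int   # epoch seconds of the last primary authentication
    revoked: bool = False


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def issue(self, cookie: str, user: str, ip: str, now: int) -> None:
        self._sessions[cookie] = Session(user, ip, now)

    def reauthenticate(self, cookie: str, now: int) -> None:
        self._sessions[cookie].last_auth_at = now

    def authorize(self, cookie: str, ip: str, path: str, now: int) -> tuple[str, str]:
        """Return (decision, reason) with decision in {'allow', 'reauth', 'deny'}."""
        s = self._sessions.get(cookie)
        if s is None or s.revoked:
            return "deny", "unknown or revoked session"
        if ip != s.bound_ip:
            # A cookie replayed from the attacker's panel arrives from an address
            # other than the one that completed login. Revoke the whole session
            # rather than only refusing this request, since the cookie is known stolen.
            s.revoked = True
            return "deny", f"cookie bound to {s.bound_ip} presented from {ip}; session revoked"
        if path in SENSITIVE_PATHS and now - s.last_auth_at > REAUTH_WINDOW_SECONDS:
            return "reauth", "sensitive action requires fresh authentication"
        return "allow", "ok"


# Constructed request log: (epoch seconds, cookie, client IP, path).
# The admin logs in from 10.0.0.5 at t=1000; at t=1450 the same cookie,
# captured by an AitM proxy, is replayed from 203.0.113.77.
CONSTRUCTED_LOG = [
    (1010, "sess-A", "10.0.0.5", "/admin/dashboard"),
    (1400, "sess-A", "10.0.0.5", "/admin/users/delete"),
    (1450, "sess-A", "203.0.113.77", "/admin/users/delete"),
    (1460, "sess-A", "10.0.0.5", "/admin/dashboard"),
    (1470, "sess-B", "10.0.0.5", "/admin/dashboard"),
]


def replay_log(log) -> list[str]:
    """Run the log through a fresh store and return one decision per request."""
    store = SessionStore()
    store.issue("sess-A", "admin@example.com", "10.0.0.5", now=1000)
    return [store.authorize(cookie, ip, path, ts)[0] for ts, cookie, ip, path in log]


if __name__ == "__main__":
    for entry, decision in zip(CONSTRUCTED_LOG, replay_log(CONSTRUCTED_LOG)):
        print(entry, "->", decision)
    # -> allow, reauth, deny, deny, deny
```

Exact-IP binding is deliberately strict: it would lock out legitimate users whose address changes mid-session (mobile networks, NAT pools), which is why the recommendation scopes it to administrative applications. A softer variant binds to the ASN or triggers re-authentication on change instead of revoking.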