Aggregator

安全公司Huntress因工程师将账户恢复代码以明文形式存储在桌面纯文本文件中遭黑客入侵。黑客利用恢复代码绕过MFA登录系统，并对客户环境发起攻击，导致数据泄露。此次攻击由Akira勒索软件团伙实施。事件提醒企业需加强安全意识，避免明文存储关键凭证，并建议使用加密密码管理器或存储设备。

微软与Cloudflare合作查封338个钓鱼域名，打击RaccoonO365团伙，该团伙通过PhaaS工具窃取5,000多个Microsoft 365账户凭证。攻击者伪造知名品牌邮件诱导受害者，并利用AI提升攻击精准度。此次行动封禁域名、终止脚本并冻结账户，有效打击网络犯罪活动。

文章介绍了网络威胁监控情况及安全动态，值班处理员为Xavier Mertens，当前威胁级别为绿色。ISC Stormcast播客更新至2025年9月17日，并提供相关链接。此外，即将于2025年9月22日至27日在拉斯维加斯举办应用安全课程。

An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that the attackers control.

The post Self-Replicating Worm Compromising Hundreds of NPM Packages appeared first on Security Boulevard.

持续软件供应链攻击影响npm包及CrowdStrike组件。Shai-Hulud蠕虫通过感染账户传播恶意代码，窃取开发者凭证并利用GitHub创建恶意工作流。攻击规模大，影响广泛。

A vulnerability was found in Linux Kernel up to 6.0.5. It has been rated as critical. Impacted is the function hugetlb_lock. The manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2022-50285. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.0.6. This vulnerability affects the function of_node_get of the component mtd. The manipulation results in use after free. This vulnerability is known as CVE-2022-50283. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.0.15/6.1.1. It has been classified as critical. This vulnerability affects the function init_mqueue_fs of the component ipc. Performing manipulation results in memory leak. This vulnerability was named CVE-2022-50284. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.1. The impacted element is the function cdev_device_add. This manipulation causes improper initialization. This vulnerability is tracked as CVE-2022-50282. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.2. It has been declared as critical. This vulnerability affects the function _rtl8812ae_phy_set_txpower_limit. Such manipulation leads to incorrect comparison. This vulnerability is listed as CVE-2022-50279. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.2. This affects the function propagate_mnt of the component pnode. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2022-50280. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.17/6.1.3. It has been rated as critical. The impacted element is the function fscrypt_limit_io_blocks of the file /dev/vdb. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2022-50277. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.1. This impacts the function pnp_alloc_dev of the component PNP. This manipulation causes memory leak. This vulnerability is registered as CVE-2022-50278. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in VMware Spring Security up to 6.4.9/6.5.3 and classified as problematic. This affects an unknown function of the component EnableMethodSecurity. Such manipulation leads to authorization bypass. This vulnerability is listed as CVE-2025-41248. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in VMware Spring Framework up to 5.3.44/6.1.22/6.2.10. It has been classified as critical. This impacts an unknown function of the component EnableMethodSecurity. Performing manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-41249. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-10563. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-10564. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2025-10565. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. This vulnerability is traded as CVE-2025-10566. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.