Aggregator

MCP生态的主要风险点和防护建议

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

白帽子福利商城重磅上新，京东卡大动作来袭，还有12周年新款周边~

HackerNews 编译，转载请注明出处： 网络安全研究人员发现名为“os-info-checker-es6”的恶意npm包，其伪装成操作系统信息工具，在受感染系统中秘密投递下一阶段恶意载荷。Veracode在向《黑客新闻》提供的报告中指出：“该攻击活动采用基于Unicode的隐写术隐藏初始恶意代码，并通过Google Calendar短链接动态分发最终载荷。” “os-info-checker-es6”由用户“kim9123”于2025年3月19日上传至npm仓库，截至5月15日已被下载2001次。该用户还上传了另一个名为“skip-tot”的npm包（下载量94次），其中将“os-info-checker-es6”列为依赖项。虽然前五个版本未显现数据窃取或恶意行为，但2025年5月7日更新的版本在“preinstall.js”文件中植入混淆代码，通过解析Unicode“私有使用区”字符提取下一阶段载荷。 恶意代码通过向Google Calendar事件短链接（calendar.app[.]google/<字符串>）发送Base64编码字符串（解码后指向IP地址140.82.54[.]223的远程服务器）建立通信。Veracode指出：“攻击者利用Google Calendar这类受信任的合法服务作为中间层托管C2链接，这种策略能有效规避检测并增加攻击初始阶段的阻断难度。”目前尚未发现后续载荷分发，可能表明攻击活动仍处于测试阶段、暂时休眠或已结束，亦或C2服务器仅响应特定条件的设备。 应用安全公司Aikido补充指出，另有三个npm包（vue-dev-serverr、vue-dummyy、vue-bit）将“os-info-checker-es6”列为依赖项，怀疑属于同一攻击活动。Veracode强调：“该恶意包展现了npm生态中复杂的多阶段攻击威胁，攻击者从测试行为逐步升级至部署成熟恶意软件。” 此次披露恰逢软件供应链安全公司Socket发布2025上半年威胁报告，指出攻击者主要采用六类技术：typosquatting（拼写劫持）、Go仓库缓存滥用、混淆代码、多阶段执行、slopsquatting（相似包劫持）以及合法服务与开发工具滥用。安全研究员Kirill Boychenko与Philipp Burckhardt建议：“防御者需关注安装后脚本异常、文件覆写及未经授权外联等行为特征，采用静态/动态分析、版本锁定及CI/CD日志审查等手段，在恶意依赖项进入生产环境前实施阻断。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/customer_add.php. The manipulation of the argument last leads to sql injection. This vulnerability is known as CVE-2025-4718. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/cash_transaction.php. The manipulation of the argument cid leads to sql injection. This vulnerability is handled as CVE-2025-4719. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of the argument fullname leads to sql injection. This vulnerability is traded as CVE-2025-4717. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-4722. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. This vulnerability is known as CVE-2025-4723. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-4724. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4725. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4726. The attack can be initiated remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 网络安全厂商Action1基于对美国国家漏洞数据库（NVD）及CVEdetails.com的深度分析发布《2025年软件漏洞评级报告》显示，2024年Linux与macOS新发现漏洞数量激增。传统上被视为较安全平台的这两大基于UNIX的生态系统均出现异常波动：Linux漏洞数量同比暴增967%至3329个，macOS漏洞总量增长95%至508个。全年新发现漏洞总数达6761个，同比增长61%。 报告同时警示被实际利用的漏洞数量从2023年的101个上升至2024年的198个，增幅达96%。谷歌Chrome浏览器被利用漏洞数从5个飙升至97个（增长1840%），Microsoft Office相关漏洞利用数增长433%至32个，成为推动该趋势的主要因素。 其他关键发现包括：2024年新发现关键漏洞总数达2930个（同比增37%），其中Linux关键漏洞从499个增至851个，MSSQL数据库关键漏洞激增606%至120个；数据库领域新漏洞总量增长213%，关键漏洞激增505%（MySQL漏洞数量翻倍）；浏览器领域新被利用CVE数量增长657%，远程代码执行（RCE）漏洞增加107%。值得关注的是，Linux和macOS的RCE漏洞分别同比下降85%和44%。 “关键漏洞和被利用漏洞的持续增长印证了企业面临的网络安全风险正在升级。”报告强调，“企业必须建立强健的补丁管理流程、提升威胁检测能力、开展供应商与供应链风险评估，并持续优化安全策略。”Action1建议采取以下措施：优先修补操作系统、浏览器等关键系统及存在RCE风险的数据库；加强员工对常用软件风险的教育；确保全软件生态的漏洞管理；第三方软件引入前实施风险评估；部署持续威胁检测工具以维持系统韧性。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

​​——2025年：在系统的铁幕下舔血止渴​​文/社会肌理解剖师.体验盒子 一、​​消费暴动：用蔫菠菜砸碎橱窗​​ 当AI能推演你葬礼的份子钱盈亏时，中年人用消 […]

HackerNews 编译，转载请注明出处： 加密货币交易所Coinbase（用户超1亿）披露称，与恶意客服人员勾结的网络犯罪团伙窃取了客户数据，并索要2000万美元赎金以阻止公开泄露信息。该公司表示拒绝支付赎金，但将设立2000万美元悬赏基金用于征集攻击者线索。 此次披露源于攻击者在5月11日向Coinbase发送的勒索邮件，其威胁若未收到2000万美元将公开部分客户账户数据及内部文件。据调查，攻击者通过收买海外客服承包商或支持人员非法访问内部系统窃取数据。Coinbase在发现这些内部人员未经授权访问系统后将其解雇，但此时数据已遭窃取。 尽管攻击者窃取了约1%客户（约100万人）的个人身份信息组合，但未能获取用户私钥、密码，也未侵入Coinbase Prime账户以及客户或交易所的热钱包/冷钱包。根据提交给美国证券交易委员会（SEC）的文件，泄露数据包括： 姓名、地址、电话及邮箱； 部分隐藏的社会保险号（仅显示末四位）； 部分隐藏的银行账号及账户标识符； 政府身份证件图像（如驾照、护照）； 账户数据（余额快照与交易记录）； 有限的企业数据（客服可访问的文档、培训材料及通信记录）。 “网络犯罪分子贿赂并招募海外恶意客服人员窃取数据，以实施社会工程攻击。这些内鬼滥用客服系统权限窃取了少量客户账户数据。”Coinbase在周四的博客声明中表示，“所有密码、私钥及资金均未泄露，Coinbase Prime账户未受影响。我们将赔偿因受骗向攻击者转账的客户。” 尽管财务影响仍在评估中，且Coinbase未透露受后续社会工程攻击影响的客户数量，但公司预计事件相关补救及赔偿费用将达1.8亿至4亿美元。为此，Coinbase将在美国新建客服中心，加强内部威胁检测、安全威胁模拟及自动化响应投入，并赔偿因社会工程攻击受骗转账的客户。 Coinbase建议客户警惕冒充其员工的诈骗行为，强调绝不会通过电话索要账户信息或要求转账。用户应启用双因素认证及提款白名单功能以确保交易安全。Coinbase表示：“对于受影响客户，我们对此事件造成的担忧与不便深表歉意。我们将持续解决问题并投资世界级防御体系——这正是我们保护客户、维护加密经济安全的承诺。”       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

朝鲜TA406组织针对乌克兰政府机构传播恶意软件；Marbled Dust 利用 Output Messenger 中的零日漏洞进行间谍活动；APT37伪装成韩国国家安全战略智库进行攻击

A vulnerability was found in vim up to 8.1. It has been classified as critical. This affects an unknown part. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-1927. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in libssh up to 0.8.8/0.9.3. Affected by this vulnerability is an unknown functionality of the component AES-CTR/DES. The manipulation leads to resource consumption. This vulnerability is known as CVE-2020-1730. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Workbench up to 8.0.21. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component MySQL Workbench. The manipulation leads to denial of service. This vulnerability is known as CVE-2020-1730. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.