Aggregator

腾讯云安全中心推出25年4月安全漏洞必修清单，漏洞介绍及修复建议详见全文。

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场名为“Meta Mirage”的新型全球钓鱼攻击活动，该活动针对使用Meta商务套件的企业，专门劫持包含广告管理和品牌官方页面在内的高价值账户。 安全公司CTM360指出，攻击者通过伪造Meta官方通知诱导用户提交密码和安全验证码等敏感信息。研究人员已发现超过14,000个恶意链接，其中约78%在报告发布时仍未被浏览器拦截，这一规模令人担忧。 攻击者利用GitHub、Firebase和Vercel等可信云平台托管虚假页面以增强隐蔽性。该手法与微软近期披露的云服务滥用案例相似——攻击者通过托管服务平台渗透Kubernetes应用，这表明利用可信平台规避检测已成为常用手段。攻击者通过邮件和私信发送账户违规警告、暂停通知或紧急验证提示，利用伪造的Meta官方通信使信息显得紧急而权威。这种策略与近期利用Google Sites钓鱼活动中使用谷歌托管页面欺骗用户的手法高度相似。 主要攻击手段分为两种模式： 凭证窃取：引导用户在高仿真页面输入密码及OTP，通过伪造错误提示迫使重复提交以确保证据有效性。 Cookie劫持：窃取浏览器Cookie实现无密码持续访问，类似PlayPraetor恶意软件劫持社交媒体账户投放欺诈广告的模式。 CTM360报告揭示了攻击者为提高成功率采用的渐进式策略：初期通过非紧急的普通违规通知接触受害者，后续逐步升级为账户即时暂停或永久删除等严重威胁。这种焦虑诱导手法促使用户未经核实即快速响应。 安全防护建议包括： 仅使用专用设备管理企业社媒账户； 设置独立的工作邮箱；启用双因素认证（2FA）； 定期审查账户安全设置和活跃会话； 培训员工识别及报告可疑信息。 本次大规模钓鱼活动凸显了保持警惕并采取主动防护措施对保护线上资产的重要性。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in VMware Aria Operations for Logs up to 8.18.2. Affected is an unknown function of the component API. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-22220. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in VMware Aria Operations up to 8.18.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-22222. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-1166. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sensly Sensly Online Presence Plugin up to 0.6 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13493. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Forminator Forms Plugin up to 1.38.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7052. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Aria Operations for Logs up to 8.18.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-22218. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in VMware Aria Operations for Logs up to 8.18.2. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22219. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in VMware Aria Operations for Logs up to 8.18.2. This issue affects some unknown processing of the component Agent Configuration Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-22221. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一场新的钓鱼攻击活动，旨在通过名为Horabot的恶意软件针对墨西哥、危地马拉、哥伦比亚、秘鲁、智利和阿根廷等拉丁美洲国家的Windows用户。 Fortinet FortiGuard Labs研究员Cara Lin表示，该活动“通过伪造发票或财务文档的精心设计邮件诱骗受害者打开恶意附件，能够窃取邮箱凭证、收集联系人列表并安装银行木马”。 该网络安全公司于2025年4月观测到这一活动，主要针对西班牙语用户。攻击还被发现利用Outlook COM自动化功能从受害者邮箱发送钓鱼信息，从而在企业或个人网络内部横向传播恶意软件。 攻击者通过执行多种VBScript、AutoIt和PowerShell脚本进行系统侦察、凭证窃取及投放额外恶意载荷。Horabot最早由思科Talos于2023年6月记录为针对拉丁美洲西班牙语用户的威胁，其攻击活动可追溯至至少2020年11月，评估认为攻击者来自巴西。 去年Trustwave SpiderLabs披露了另一起针对同一地区的钓鱼活动，其恶意载荷与Horabot存在相似性。 最新攻击始于以发票为诱饵的钓鱼邮件，诱使用户打开包含PDF文档的ZIP压缩包。实际上该ZIP文件内含恶意HTML文件，其中包含Base64编码的HTML数据，用于连接远程服务器下载第二阶段的恶意载荷。 第二阶段载荷是另一个包含HTML应用程序（HTA）文件的ZIP压缩包，该文件负责加载远程服务器托管的脚本。脚本随后注入外部VBScript代码，执行系列检测——若系统安装Avast杀毒软件或处于虚拟环境则终止攻击。 VBScript继续收集基础系统信息并外传至远程服务器，同时获取额外载荷，包括通过恶意DLL释放银行木马的AutoIt脚本，以及扫描Outlook联系人数据构建目标邮箱列表后传播钓鱼邮件的PowerShell脚本。 Cara Lin表示：“恶意软件随后从Brave、Yandex、Epic Privacy Browser、Comodo Dragon、Cent Browser、Opera、Microsoft Edge和Google Chrome等浏览器窃取相关数据。除数据窃取外，Horabot还监控受害者行为，注入伪造弹窗以窃取敏感登录凭证。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in Cost Calculator Builder Plugin up to 3.2.42 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-10892. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Vehicle Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /newvehicle.php. The manipulation of the argument Booking ID/Action Name/Payment Confirmation ID leads to sql injection. This vulnerability was named CVE-2024-48245. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in VMware Aria Operations up to 8.18.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-38834. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Jetpack Plugin 13.x/14.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10858. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Auto iFrame Plugin up to 1.x on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10151. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Property Hive Plugin up to 2.1.0 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12585. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MaxButtons Button Plugin up to 9.8.0 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10555. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Cryout Creations Serious Slider Plugin up to 1.2.6 on WordPress. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11108. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in MaxButtons Button Plugin up to 9.8.0 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8968. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.