Aggregator

A vulnerability was found in Adobe Dimension up to 4.1.2. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-43548. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D up to 1.21.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-43554. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Bridge up to 14.1.6 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-43547. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Bridge up to 14.1.6. Affected is an unknown function. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-43546. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Bridge up to 14.1.6. This issue affects some unknown processing. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-43545. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Substance3D up to 3.1.1. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-43551. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Substance3D up to 1.21.0. This affects an unknown part. The manipulation leads to uncontrolled search path. This vulnerability is uniquely identified as CVE-2025-43553. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

一、frp 是什么frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网二、VPS linux服务器端安装服务器端frpscd /optwget wget https://g

HackerNews 编译，转载请注明出处： 与朝鲜有关的威胁组织Konni APT被指与针对乌克兰政府机构的钓鱼活动有关，这表明该组织的攻击目标已扩展到俄罗斯以外的地区。企业安全公司Proofpoint表示，此次活动的最终目标是收集有关“俄罗斯入侵轨迹”的情报。 安全研究人员Greg Lesnewich、Saher Naumaan和Mark Kelly在分享给《黑客新闻》的报告中表示：“该组织对乌克兰的关注延续了其历史上针对俄罗斯政府机构进行战略情报收集的模式。” Konni APT（又称Opal Sleet、Osmium、TA406和Vedalia）是一个长期针对韩国、美国和俄罗斯实体的网络间谍组织，其活动至少可追溯至2014年。该组织通常通过钓鱼邮件分发Konni RAT（又名UpDog）恶意软件，并将收件人重定向至凭证窃取页面。Proofpoint在2021年11月发布的分析报告中评估称，TA406是被公开追踪为Kimsuky、Thallium和Konni集团活动的多个关联组织之一。 网络安全公司记录的最新攻击使用伪装成虚构智库“皇家战略研究院”高级研究员的钓鱼邮件，该智库本身也是不存在的机构。邮件包含托管在MEGA云服务的密码保护RAR压缩包链接。使用邮件正文中提供的密码打开压缩包后，会启动旨在对受感染设备进行广泛侦察的感染链。 具体而言，RAR压缩包内的CHM文件会显示与乌克兰前军事领导人瓦列里·扎卢日内相关的诱饵内容。如果受害者点击页面任意位置，嵌入HTML的PowerShell命令就会连接外部服务器下载第二阶段PowerShell载荷。 新启动的PowerShell脚本可执行多种命令收集系统信息，使用Base64编码后发送至同一服务器。研究人员指出：“当目标未点击链接时，攻击者连续多日发送多封钓鱼邮件，询问目标是否收到先前邮件并催促下载文件。” Proofpoint还观察到钓鱼邮件直接附加HTML文件的情况。在此攻击变种中，受害者被诱导点击HTML文件内的链接，下载包含良性PDF和Windows快捷方式（LNK）文件的ZIP压缩包。执行LNK文件时会运行Base64编码的PowerShell，通过Visual Basic脚本投放名为“Themes.jse”的JavaScript编码文件。该恶意软件随后联系攻击者控制的URL，并通过PowerShell执行服务器响应。当前有效载荷的具体性质尚不明确。 此外，TA406被曝通过ProtonMail账户向乌克兰政府机构发送伪造的微软安全警报邮件，警告存在来自美国IP地址的可疑登录活动，诱骗受害者访问链接验证登录信息。虽然凭证窃取页面尚未恢复，但据悉该域名此前曾被用于窃取Naver登录信息。Proofpoint表示：“这些凭证窃取活动发生在恶意软件部署尝试之前，部分目标用户后来也成为HTML投递活动的攻击对象。TA406极可能正在收集情报，帮助朝鲜领导人评估其已在战区部队的当前风险，以及俄罗斯请求更多部队或武器的可能性。” 此次披露正值Konni集团被指参与针对韩国实体的复杂多阶段恶意软件活动，攻击者使用包含LNK文件的ZIP压缩包，通过PowerShell脚本提取CAB压缩包，最终投放能够收集敏感数据并外泄至远程服务器的批处理脚本恶意软件。 这些发现与Kimsuky针对韩国政府机构的鱼叉式钓鱼活动相吻合，该活动通过投放能够建立命令与控制（C2）通信、窃取文件、浏览器数据和加密货币钱包信息的窃取程序实施攻击。 韩国网络安全公司AhnLab表示，Kimsuky还被观察到传播PEBBLEDASH恶意软件，该木马通过鱼叉式钓鱼启动多阶段感染链。美国政府于2020年5月将PEBBLEDASH归因于Lazarus集团。 该公司称：“虽然Kimsuky集团使用多种恶意软件，但在PEBBLEDASH案例中，他们通过初始访问阶段的鱼叉式钓鱼执行基于LNK文件的恶意软件发动攻击，随后利用PowerShell脚本创建任务计划程序实现自动执行，通过与Dropbox和基于TCP套接字的C2服务器通信，安装包括PEBBLEDASH在内的多种恶意软件和工具。” 专注于朝鲜问题的活动人士近期成为APT37（又称ScarCruft）攻击目标。据Genians安全中心（GSC）披露，这项名为“Operation ToyBox Story”的鱼叉式钓鱼攻击首次发现于2025年3月8日。 该韩国公司表示：“邮件中的Dropbox链接指向包含恶意LNK文件的压缩包，提取执行后会激活包含‘toy’关键词的附加恶意软件。”LNK文件被配置为启动诱饵HWP文件并运行PowerShell命令，依次执行toy03.bat、toy02.bat和toy01.bat文件，最终释放与APT37关联的RoKRAT木马。 RoKRAT能够收集系统信息、截取屏幕截图，并利用pCloud、Yandex和Dropbox三种云服务进行C2通信。Genians指出：“威胁分子利用合法云服务作为C2基础设施，持续修改LNK文件，同时专注于无文件攻击技术以规避目标终端杀毒软件的检测。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

对知识分子独立性命题的深度拷问

Microsoft Researchers Link Turkish Spy Group to Output Messenger Zero-Day Hack
A Turkish-linked cyberespionage group known as Marbled Dust exploited a zero-day in the Output Messenger Server Manager application to spy on Kurdish military operations in Iraq. Microsoft reported the hack and called for immediate mitigation to block credential theft and malware delivery.

Prosecutors Say Liridon Masurica Ran BlackDB.cc
A Kosovar man is being held in a Tampa jail after being extradited on charges that he was the main administrator of an online illicit marketplace in operation since 2018. Prosecutors accused Liridon Masurica, 33, of being the force behind BlackDB.cc.

CEO Howard Ting's Resignation Comes as Data Protection Company Hits $1B Valuation
Cyberhaven appointed product chief Nishant Doshi as interim CEO as longtime leader Howard Ting transitions to the board. With a sevenfold valuation increase and deep investment in Gen AI security and DSPM, the company is preparing to unify data controls across enterprises.

CISA Said Its Cyber Alerts Were Moving to X on Monday. By Tuesday, the Plan Changed.
The U.S. cyber defense agency reversed plans to move cybersecurity alerts off its .gov site Tuesday and acknowledged the "confusion" the decision caused within the cybersecurity community, amid concerns that relying on platforms like X would reduce visibility and public access to critical warnings.

提到扩散模型（DMs）大家可能不太熟悉，但是提到AIGC、文生图、文生视频等关键词，大家应该都或多或少听说过。而扩散模型正是其底层的支撑技术。 比如最近在某音上很火的‘回答我’这个梗，背后也离不开扩散模型

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

With the rise of AI infrastructures, the rise of attacks on such vulnerable infrastructure is inevitable. Insecure AI infrastructure can expose organizations to significant risks, including data breaches and manipulation of AI-driven decisions. Often,...

The post AIGoat: A deliberately Vulnerable AI Infrastructure appeared first on Penetration Testing Tools.