Aggregator

Теневые площадки уже готовят ценники на свежие архивы.

A new and more dangerous version of the ClickFix attack technique has been found actively targeting Windows users. Unlike older versions that used PowerShell or mshta to run malicious commands, this new variant takes a different path. It uses rundll32.exe and WebDAV, two built-in Windows components, to quietly deliver and execute harmful payloads without triggering […]

The post New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection appeared first on Cyber Security News.

Openclaw打靶初探 by tinyfisher

更多最新文章，请访问SecWiki

为进一步推动我国开源情报人才队伍建设，四川警察学院联合成都欧深特信息科技有限公司在成都校区（成都市双流区黄水镇云岭路36号）举办开源情报分析师实战能力培训班，第2期培训班定于2026年4月26日至5月1日举行。

今天给大家推送的是几个机构有关美国以色列伊朗在中东的战争的每日报告。

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai

A known threat group called TA446 has been caught using a newly discovered exploit kit called DarkSword to target iOS users. This development marks a significant shift in the group’s tactics, as previous activity from TA446 showed no signs of exploit kit use at all. The campaign came to light around March 26, 2026, when […]

The post TA446 Hackers Deploying DarkSword Exploit Kit to Attack iOS Users appeared first on Cyber Security News.

你扫了一眼网址，看到熟悉的品牌名便点击进去，结果却把账号密码拱手交给了攻击者，这个肉眼难以察觉的视觉误差，正是同形字符攻击（Homoglyph Attacks）利用核心。 同形字符，指视觉上与另一个字符几乎完全一致的字符。 典型示例： 拉丁字母 a（U+0061）vs 西里尔字母 а（U+0430） 拉丁字母 o（U+006F）vs 希腊字母 ο（omicron，U+03BF） 拉丁大写字母 I（i 的大写，U+0049）vs 拉丁小写字母 l（L 的小写，U+006C）vs 西里尔字母 І（U+0406） 同形攻击用视觉上容易混淆的替代方式替换标识符（域名、文件名、电子邮件显示名）中的一个或多个字符，以冒充可信资源。 在国际化域名（IDN）中使用时，这些域名以 Punycode（xn-- 前缀）表示，但在浏览器中通常使用原始 Unicode 字符渲染——为用户提供看起来真实的 URL。 Punycode 示例如下： 页面显示域名：gοogle-example[.]com（使用希腊字母 omicron 替代了拉丁字母 “o”） 底层 ASCII Punycode 编码：xn--gogle-example-abc[.]com 同形字符攻击的核心，是利用拉丁、西里尔、希腊等不同语言文字体系中的视觉相似字符。这些形近字母不仅能欺骗用户、仿冒可信域名，甚至可以绕过部分自动化过滤系统。 图1 列出钓鱼与仿冒攻击活动中，最常被滥用的同形字符对照参考表。 后续几张图是近些年来比较经典的攻击域名，目前列出这些内容主要是由于在某些场景下对大模型的使用会有些许帮助，仅记录备忘。

TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises. Partnership with emerging RaaS operation “The prior operational cadence was aggressive – a new target every 1-3 days (Trivy [on] March 19, CanisterWorm [on] March 20-22, Checkmarx [on] March 23, LiteLLM [on] March 24, Telnyx [on] March 27),” … More →

The post TeamPCP’s attack spree slows, but threat escalates with ransomware pivot appeared first on Help Net Security.

Хакеры захватили миллионы устройств, потому что владельцам лень сменить пароль «1234».

A vulnerability classified as problematic was found in IngEstate Server 11.14.0. Affected by this vulnerability is an unknown functionality of the component Software Package List Page. Such manipulation of the argument Release note leads to cross site scripting. This vulnerability is referenced as CVE-2026-30082. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file update_details.php of the component POST Request Handler. This manipulation of the argument Website causes cross site scripting. The identification of this vulnerability is CVE-2026-30563. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Zimbra Collaboration Suite 10.0/10.1. This impacts an unknown function. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2026-33373. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in virtio-win kvm-guest-drivers-windows. This affects the function RhelDoUnMap. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-5164. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as critical has been found in virtio-win kvm-guest-drivers-windows. The impacted element is an unknown function of the component VirtIO Block Device. Executing a manipulation can lead to expired pointer dereference. This vulnerability is handled as CVE-2026-5165. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability identified as problematic has been detected in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file view_supplier.php of the component Parameter Handler. Performing a manipulation of the argument limit results in cross site scripting. This vulnerability is known as CVE-2026-30565. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file view_customers.php of the component Parameter Handler. Such manipulation of the argument limit leads to cross site scripting. This vulnerability is traded as CVE-2026-30566. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file view_payments.php of the component Parameter Handler. This manipulation of the argument limit causes cross site scripting. This vulnerability appears as CVE-2026-30564. The attack may be initiated remotely. There is no available exploit.