Aggregator

​芯片已经上了手机，YU7 还得再等两个月。

Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC

Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. [...]

Datadog Security Research has uncovered a targeted malware campaign aimed at Solidity developers on Windows systems, using malicious Visual Studio Code (VS Code) extensions as the initial attack vector. Identified as the work of a single threat actor tracked as MUT-9332, this operation deployed three trojanized extensions solaibot, among-eth, and blankebesxstnion disguised as legitimate tools […]

The post Malicious VS Code Extensions Target Windows Solidity Developers to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai researcher Yuval Gordon warned. BadSuccessor attack technique explained The exploitable feature was introduced to help organizations replace the legacy non-managed service accounts … More →

The post Unpatched Windows Server vulnerability allows full domain compromise appeared first on Help Net Security.

Вредоносный модуль маскируется под веб-сервер.

The U.S. Justice Department, in collaboration with the FBI and private sector partners like Microsoft, has announced the disruption of the Lumma Stealer (also known as LummaC2) malware infrastructure. This global operation targeted the notorious Malware-as-a-Service (MaaS) platform, which has been linked to over 1.7 million instances of data theft worldwide. The unsealing of two […]

The post Lumma Stealer Infrastructure Behind Global Attacks on Millions of Users Dismantled appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Luitenant-generaal Cas Schreurs heeft gedurende 1 jaar de troepen aangevoerd  van de NAVO-missie in Irak (NMI). Nu zit zijn taak erop. In Bagdad droeg hij vandaag het commando over aan de Franse generaal-majoor Christophe Hintzy.

搞应用安全接触洞态的这个iast很久了，虽说知道是基于java agent 字节码技术。但是去分析具体漏洞误报和这个系统的优缺点，面临的问题就还是一知半解，趁着机会做下相关使用记录。本次主要是原理介绍吧，后面看情况有机会可以把遇到的java安全上真实案例给做下记录介绍。

A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps without the knowledge of site owners or advertisers. Cybercriminals are exploiting integrations with Google APIs, specifically through JSONP (JSON with Padding) calls, to inject malicious scripts into legitimate online stores. These scripts operate covertly, redirecting unsuspecting shoppers to fraudulent payment pages […]

The post Cybercriminals Using Trusted Google Domains to Spread Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Signal 项目宣布其桌面应用在默认下不能被 Recall——aka 被屏幕截图。Microsoft Recall 会在用户使用电脑时每几秒钟截取一次屏幕截图，提取屏幕内容将其存储在一个可搜索的数据库中。Recall 引发了隐私和安全方面的争议，微软因此进行多项调整。Signal 桌面应用将默认启用支持新的“屏幕安全”设置，阻止 Recall 在用户使用 Signal 时进行屏幕截图。

International law enforcement agencies and cybersecurity vendors seized thousands of domains used to run the MaaS operations of the widely popular Lumma Stealer malware, which was used to facilitate ransomware, malvertising, and phishing attacks around the globe.

The post Law Enforcement, Microsoft Disrupt Operations of Popular Lumma Stealer appeared first on Security Boulevard.

Security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel’s SMB server implementation using OpenAI’s o3 language model. The vulnerability, a use-after-free bug in the SMB ‘logoff’ command handler, could potentially allow remote attackers to execute arbitrary code with kernel privileges. This discovery marks a significant advancement in AI-assisted vulnerability research, demonstrating how […]

The post Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.