Aggregator

A vulnerability classified as critical was found in CADImage Plugin on IrfanView. Affected by this vulnerability is an unknown functionality of the component CGM File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-7265. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in CADImage Plugin on IrfanView. This affects an unknown part of the component DXF File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-7268. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DXF File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-7267. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 一场新的攻击活动已侵入了全球超过 3500 个网站，植入了 JavaScript 加密货币挖矿程序，标志着曾由 CoinHive 等推动的基于浏览器的加密劫持攻击卷土重来。 虽然此类服务在浏览器制造商采取措施禁止挖矿相关应用和插件后已关闭，但 c/side 的研究人员表示，他们在混淆过的 JavaScript 中发现了隐形挖矿程序的证据。该程序会评估设备的计算能力，并生成后台 Web Worker 线程来并行执行挖矿任务，且不引发任何警报。 更重要的是，该活动被发现利用 WebSocket 从外部服务器获取挖矿任务，以便根据设备能力动态调整挖矿强度，并相应地限制资源消耗以保持隐蔽。 安全研究员 Himanshu Anand 表示：“这是一个隐形挖矿程序，旨在通过保持在用户和安全工具的探测阈值以下来避免被发现。” 这种做法的最终结果是，用户在浏览被入侵网站时会不知不觉地挖掘加密货币，在不知情或未同意的情况下，他们的计算机就变成了隐蔽的加密货币生成机器。目前尚不清楚这些网站是如何被攻破以促成浏览器内挖矿的。 进一步分析已确定超过 3500 个网站被卷入这场大规模的非法加密挖矿活动中。托管该 JavaScript 挖矿程序的域名过去还与 Magecart 信用卡盗刷工具有关联，这表明攻击者试图使其攻击载荷和收入来源多样化。 使用相同域名来传送挖矿程序和信用卡/借记卡数据窃取脚本，表明威胁行为者有能力将 JavaScript 武器化，并针对毫无戒心的网站访问者发动投机性攻击。 c/side 表示：“攻击者现在优先考虑隐蔽性而非蛮力式的资源窃取，使用混淆、WebSocket 和基础设施重用以保持隐藏。目标不是瞬间耗尽设备资源，而是长期持续地汲取资源，如同数字吸血鬼。” 这一发现恰逢一起针对东亚电子商务网站的 Magecart 盗刷活动，该活动利用 OpenCart 内容管理系统（CMS），在结账时注入虚假支付表单，并从受害者那里收集包括银行信息在内的财务信息。窃取到的信息随后被外传到攻击者的服务器。 近几周，发现的客户端和网站定向攻击呈现出多种形式： 滥用与合法 Google OAuth 端点（“accounts.google[.]com/o/oauth2/revoke”）关联的回调参数的 JavaScript 嵌入代码，重定向至一个混淆的 JavaScript 攻击载荷，该载荷会创建指向攻击者控制域名的恶意 WebSocket 连接。 使用直接注入 WordPress 数据库（即 wp_options 和 wp_posts 表）的 Google Tag Manager (GTM) 脚本，以加载远程 JavaScript，将访问超过 200 个网站的访客重定向至垃圾广告域名。 破坏 WordPress 站点的 wp-settings.php 文件，使其直接从 ZIP 存档中引入恶意 PHP 脚本，该脚本连接到命令与控制（C2）服务器，并最终利用网站的搜索引擎排名注入垃圾内容，提升其可疑网站在搜索结果中的位置。 将恶意代码注入 WordPress 站点主题的页脚 PHP 脚本以实现浏览器重定向。 使用一个以受感染域名命名的虚假 WordPress 插件来逃避检测，并仅在检测到搜索引擎爬虫时启动，以提供旨在操控搜索引擎结果的垃圾内容。 在供应链攻击中，通过官方下载页面分发后门版本的 WordPress 插件 Gravity Forms（仅影响 2.9.11.1 和 2.9.12 版）。该后门插件会联系外部服务器获取额外攻击载荷，并添加一个管理员账户，使攻击者能完全控制网站。 Gravity Forms 开发团队 RocketGenius 表示：“如果安装，恶意代码修改将阻止更新该包的尝试，并试图联系外部服务器下载额外攻击载荷。” “如果该载荷成功执行，它将尝试添加一个管理员账户。这将打开一个后门，导致一系列其他可能的恶意操作，例如扩大远程访问、额外的未经授权的任意代码注入、操控现有管理员账户以及访问存储的 WordPress 数据。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章介绍了HTTP错误代码521的含义及其常见原因。该错误通常由Cloudflare触发，表示原始服务器无法处理请求，可能因过载或配置问题导致。文章还解释了该错误对用户体验的影响，并提供了排查和解决方法。

A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft […]

The post DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools appeared first on Cyber Security News.

虚拟支付卡WildCard暂停充值、提现、注册及订阅消费功能，配合监管机构调查。已充值账户余额可继续使用订阅服务。公告内容存在差异，部分功能受限。用户担忧资金安全，但公司承诺确保余额安全并完成调查后决定后续措施。

The hacking collective known as EncryptHub—also tracked as LARVA-208 and Water Gamayun—has launched a new wave of attacks specifically targeting developers within the Web3 ecosystem. Their aim: to infect victims with data-stealing malware capable...

The post EncryptHub’s New Web3 Attack: Fake AI Platforms Deploy Fickle Stealer to Rob Crypto Devs appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一款新的安卓间谍软件痕迹，该软件很可能与伊朗情报与安全部（MOIS）有关联，并伪装成VPN应用和SpaceX提供的卫星互联网服务Starlink（星链）向目标分发。 移动安全供应商Lookout表示，在上个月以色列-伊朗冲突爆发后一周，他们发现了四个被其追踪为DCHSpy的间谍工具的样本。具体有多少人可能安装了这些应用尚不清楚。 安全研究人员Alemdar Islamoglu和Justin Albrecht表示：“DCHSpy收集WhatsApp数据、账户、联系人、短信、文件、位置和通话记录，并能录音和拍照。” DCHSpy最早于2024年7月被发现，被评估为与MOIS有关的伊朗国家背景黑客组织MuddyWater所为。该黑客团伙还被称为Boggy Serpens、Cobalt Ulster、Earth Vetala、ITG17、Mango Sandstorm（原Mercury）、Seedworm、Static Kitten、TA450和Yellow Nix。 早期的DCHSpy版本已被发现通过Telegram渠道，利用反对伊朗政权主题的内容，针对英语和波斯语用户。鉴于使用VPN作为诱饵来宣传该恶意软件，异议人士、活动人士和记者很可能是该活动的目标。 据推测，新发现的DCHSpy变种正在针对该地区最近冲突中的对手进行部署，手段是将其伪装成看似有用的服务，如Earth VPN（“com.earth.earth_vpn”）、Comodo VPN（“com.comodoapp.comodovpn”）和Hide VPN（“com.hv.hide_vpn”）。 有趣的是，一个Earth VPN应用样本被发现以“starlink_vpn(1.3.0)-3012 (1).apk”名称的APK文件形式分发，这表明该恶意软件很可能利用与星链相关的诱饵传播给目标。 值得注意的是，星链的卫星互联网服务于上月在伊朗政府实施网络封锁期间被激活。但几周后，该国议会投票决定将其未经授权的使用定为非法。 作为一个模块化木马，DCHSpy配备了多种数据收集功能，包括设备登录账户、联系人、短信消息、通话记录、文件、位置、环境录音、照片和WhatsApp信息。 DCHSpy还与其他名为SandStrike的安卓恶意软件共享基础设施。卡巴斯基于2022年11月标记出SandStrike，该恶意软件伪装成看似无害的VPN应用针对波斯语个体。 DCHSpy的发现是安卓间谍软件被用于针对中东地区个人和实体的最新案例。其他有记录的恶意软件家族包括AridSpy、BouldSpy、GuardZoo、RatMilad和SpyNote。 Lookout表示：“DCHSpy使用与SandStrike相似的战术和基础设施。它通过Telegram等即时通讯应用直接共享恶意链接，分发给目标群体和个人。” “这些最新的DCHSpy样本表明，随着中东局势的演变，尤其是伊朗在达成与以色列的停火后加强对本国公民的管控，该间谍工具在持续开发和利用。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

该文章描述了错误代码521的原因及其对网站访问的影响，并提供了相关的解决方法和建议。

Cybercriminals affiliated with the group PoisonSeed have devised a method to circumvent FIDO2 protection—not by breaching the technology itself, but by cleverly exploiting one of its legitimate features: cross-device authentication. Through this technique, attackers...

The post FIDO2 Bypass Uncovered: Hackers Exploit Cross-Device Authentication with QR Code Phishing appeared first on Penetration Testing Tools.

The Chinese firm SDIC Intelligence Xiamen Information Co., Ltd. (formerly Meiya Pico), renowned for its work in digital forensics and information security technologies, has developed a mobile tool named Massistant for data extraction from...

The post Massistant: China’s New Mobile Forensics Tool Harvests Data from Seized Devices appeared first on Penetration Testing Tools.

议题揭秘时刻~

A vulnerability, which was classified as critical, has been found in CADImage Plugin on IrfanView. This issue affects some unknown processing of the component DWG File Parser. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-7244. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in CADImage Plugin on IrfanView. Affected is an unknown function of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-7246. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. This vulnerability affects unknown code of the component DWG File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-7252. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CADImage Plugin on IrfanView. It has been rated as critical. This issue affects some unknown processing of the component DXF File Parser. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-7254. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in CADImage Plugin on IrfanView. Affected by this vulnerability is an unknown functionality of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-7253. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CADImage Plugin on IrfanView. Affected by this issue is some unknown functionality of the component DXF File Parser. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-7256. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in CADImage Plugin on IrfanView. This affects an unknown part of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-7255. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.