Qilin
DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents to deliver a multi-stage JavaScript-based payload. Upon opening the archive, victims execute a VBE script that leverages Windows Script Host to initiate a PowerShell downloader hidden in innocuous-seeming image files. […]
The post DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments appeared first on Cyber Security News.
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a server by injecting malicious prompt templates. Tracked as CVE-2025-9556, this vulnerability arises from the use of the Gonja template engine, which supports Jinja2 syntax and can be manipulated to perform […]
The post LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and UNC6395—to breach Salesforce customer environments and siphon sensitive data. Coordinated with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS/CISA), the bulletin aims to equip security teams and […]
The post FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Hackers are abusing the iCloud Calendar invitation feature to send call-back phishing emails, disguised as purchase notifications, in the name of Apple's mail servers. Because these messages are sent directly from Apple's official servers, they are more likely to slip past spam filters and land straight in the target user's inbox.
Phishing email disguised as a PayPal payment notification
Earlier this month, an Apple user shared a suspicious email on social media: the message claimed that the recipient's PayPal account had been charged $599 and provided a phone number to call to discuss or change the payment.
The email reads: "Hello, customer. Your PayPal account has been charged $599.00. We hereby confirm that we have received your recent payment." It goes on: "If you wish to discuss or modify this payment, please call our support team at +1 (786) 902-8579. To cancel, please call +1 (786) 902-8579."
iCloud Calendar invitations used for phishing emails
The goal of these emails is to make recipients believe that their PayPal account has been compromised and fraudulently charged, frightening them into calling the scammers' "support" line. Once the call is connected, the scammers go on to claim that the account has been hacked, or that they need to connect remotely to the victim's computer to process a refund, and trick the user into downloading and running malware.
In similar past scams, that remote access has been used to steal money from bank accounts, plant malware, or steal data from the computer.
Technical details of the iCloud Calendar invitation abuse
The lure in this email is a typical call-back phishing scam, but what is unusual is that the sender address is "[email protected]" and the message passed all three email authentication checks, SPF, DMARC and DKIM, which means it really was sent from Apple's official servers.
The authentication results show:
Authentication-Results: spf=pass (sender IP is 17.23.6.69)
smtp.mailfrom=email.apple.com; dkim=pass (signature was verified)
header.d=email.apple.com;dmarc=pass action=none header.from=email.apple.com;
Looking at this phishing email, it is essentially an iCloud Calendar invitation: the attacker wrote the phishing text into the "Notes" field of the event and then sent the invitation to a Microsoft 365 mailbox address under their own control.
When a user creates an iCloud Calendar event and invites an outside party, Apple's servers send the email invitation from email.apple.com on behalf of the iCloud Calendar owner, using "[email protected]" as the sender address.
In the email obtained for this article, the invitee was a Microsoft 365 account, "[email protected]". As in an earlier phishing campaign that abused PayPal's "new address" feature, this invited Microsoft 365 mailbox is actually a mailing list: it automatically forwards every message it receives to all members of the list, and those members are the targets of the scam.
Normally, a message that originally came from Apple's servers would fail SPF after being forwarded by Microsoft 365. To avoid this, Microsoft 365 uses the Sender Rewriting Scheme (SRS) to rewrite the Return-Path to a Microsoft-associated address so that the forwarded message passes SPF. For example:
Original Return-Path: [email protected]
Rewritten Return-Path: [email protected]
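The authentication results passing is exactly what makes this lure convincing, so a mail-triage rule has to look at the combination instead: an invite that authenticates as email.apple.com, a Return-Path rewritten by a forwarder's SRS (which exposes the mailing-list relay the article describes), and a call-back payment lure in the body. The following Python is an added example, not code from the article; the sample message, every address in it and the SRS local-part shapes it matches are assumptions modelled on the headers quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

APPLE_INVITE_DOMAIN = "email.apple.com"
# Classic SRS0 and Microsoft 365 "+SRS=" rewrite shapes (general form, assumed here):
#   SRS0=<hash>=<ts>=<orig-domain>=<orig-user>@<forwarder>
#   <user>+SRS=<hash>=<ts>=<orig-domain>=<orig-user>@<forwarder>
SRS_RE = re.compile(r"(?:^SRS0=|\+SRS=)[^=]+=[^=]+=(?P<orig_domain>[^=]+)=(?P<orig_user>[^@]+)@(?P<fwd_domain>.+)$", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE_RE = re.compile(r"\b(call|charged|payment|refund)\b", re.I)

# Constructed sample modelled on the headers quoted above; all addresses are placeholders.
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 17.23.6.69)
 smtp.mailfrom=email.apple.com; dkim=pass (signature was verified)
 header.d=email.apple.com;dmarc=pass action=none header.from=email.apple.com;
From: iCloud Calendar <sender-placeholder@email.apple.com>
Return-Path: <bounces+SRS=abcd=XY=email.apple.com=sender-placeholder@list.example.onmicrosoft.com>
To: recipient@example.com
Subject: Invitation: PayPal payment notification

Hello customer. Your PayPal account has been charged $599.00.
To discuss or cancel this payment, call our support team at +1 (555) 010-0199.
"""

def triage_calendar_invite(raw: str) -> dict:
    """Flag an invite that authenticates as Apple, arrived through a third-party
    forwarder (SRS-rewritten Return-Path) and carries a call-back payment lure."""
    msg = message_from_string(raw)
    auth = " ".join((msg.get("Authentication-Results") or "").split())  # unfold header
    results = {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    m = re.search(r"header\.from=([\w.-]+)", auth, re.I)
    auth_from = m.group(1).lower() if m else ""
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    srs = SRS_RE.search(parseaddr(msg.get("Return-Path", ""))[1])
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = {
        "all_auth_pass": all(results.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        "apple_invite": from_addr.endswith("@" + APPLE_INVITE_DOMAIN) and auth_from == APPLE_INVITE_DOMAIN,
        "srs_forwarded": srs is not None,
        "forwarder_domain": srs.group("fwd_domain").lower() if srs else None,
        "callback_lure": bool(PHONE_RE.search(body) and LURE_RE.search(body)),
    }
    # Passing SPF/DKIM/DMARC is expected for a real Apple invite; the combination is the signal.
    findings["suspicious"] = findings["apple_invite"] and findings["srs_forwarded"] and findings["callback_lure"]
    return findings

if __name__ == "__main__":
    print(triage_calendar_invite(SAMPLE))
```

The forwarder domain recovered from the SRS Return-Path is the relay that delivered the invite to the mailbox, which is the address to trace when the calendar owner (here, Apple) is not the party that chose the recipient.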
Risk note and platform response
Although the lure content of this phishing email is nothing special, by abusing the legitimate iCloud Calendar invitation feature and riding on Apple's mail servers and official sender address, the attackers give the message added credibility, and because it originates from a trusted source it may bypass spam filters.
If you receive an unexpected calendar invitation that contains suspicious information, stay alert. As of this writing, Apple has not responded on the matter.
Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. First documented on September 5 when a Sri Lankan food manufacturer fell victim, the threat actor behind Yurei adopted a double-extortion model: encrypting files while exfiltrating sensitive data for additional leverage. Within days, […]
The post New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm appeared first on Cyber Security News.
Ransomware continues to be one of the most destructive and pervasive cyber threats facing organizations of all sizes. In 2025, the sophistication of ransomware attacks has reached unprecedented levels, with threat actors employing advanced techniques like double extortion, supply chain attacks, and leveraging artificial intelligence to bypass traditional defenses. The cost of a ransomware attack […]
The post Top 10 Best Ransomware Protection Solutions in 2025 appeared first on Cyber Security News.
A threat actor targeted low-skilled hackers, known as ‘script kiddies’ with a fake malware builder that secretly infected them with a backdoor to st
The post Hacker Deceives 18,000 Script Kiddies with Fake Malware Builder appeared first on Security Boulevard.
Learn how to implement single sign-on (SSO) solutions for your enterprise. This guide covers SSO protocols, security best practices, and choosing the right SSO provider.
The post Implementing Single Sign-on Solutions appeared first on Security Boulevard.