Aggregator
CVE-2006-0033 | Microsoft Office 2000/2003/Xp memory corruption (VU#459388 / Nessus ID 22033)
CVE-2014-8810 | WP Symposium up to 14.9 tray sql injection (EDB-35505 / SA62643)
1969 Declares War on 2025. Telnet vs. TikTok
Companies negotiate their way to lower ransom payments
Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos. How actual payments stack up with the initial demand Ransom payments and recovery costs are on the decline Despite the high percentage of companies that paid the ransom, 53% paid less than the original demand. In 71% of cases where the companies paid less, they did so through negotiation, either through their own negotiations or …
The post Companies negotiate their way to lower ransom payments appeared first on Help Net Security.
University of Maryland | A Comprehensive Understanding of Russian Transit Network Censorship
CVE-2009-4651 | Onnogroen Com Webeecomment 2.0 cross site scripting (EDB-33638 / BID-38204)
Hollowise: New Windows Tool Enables Stealthy Code Execution via Process Hollowing & PPID Spoofing
Hollowise is a Windows-based tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques. It allows for stealth execution of debuggers and code and network analyzers by replacing the memory of a suspended process (e.g. calc.exe) with...
The post Hollowise: New Windows Tool Enables Stealthy Code Execution via Process Hollowing & PPID Spoofing appeared first on Penetration Testing Tools.
APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation
The Pakistani cyber-espionage group APT36, also known as Transparent Tribe, has launched a sophisticated new phishing campaign targeting personnel within India’s defense sector. Experts at CYFIRMA have uncovered that the threat actors are employing...
The post APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation appeared first on Penetration Testing Tools.
CVE-2018-7316 | Proclaim 9.1.1 on Joomla File Upload mediafileform unrestricted upload (EDB-44164)
RapperBot Unleashed: Sophisticated Mirai Variant Targets DVRs, Launches HTTPS DDoS Attacks
At the international Botconf conference held in May 2025 in Angers, France, experts from NICT CSRI unveiled the findings of their three-year investigation into the RapperBot malware. Their conclusions were alarming: this evolved variant...
The post RapperBot Unleashed: Sophisticated Mirai Variant Targets DVRs, Launches HTTPS DDoS Attacks appeared first on Penetration Testing Tools.
“Echo Chamber” Attack Uncovered: New Jailbreak Bypasses LLM Safeguards with Subtle Context Manipulation
Experts at NeuralTrust have reported a newly identified and dangerous method of bypassing neural network safeguards, dubbed Echo Chamber. This technique enables bad actors to subtly coax large language models (LLMs)—such as ChatGPT and...
The post “Echo Chamber” Attack Uncovered: New Jailbreak Bypasses LLM Safeguards with Subtle Context Manipulation appeared first on Penetration Testing Tools.
UK Retail Cyberattacks Cost Up to £440M: Cyber Monitoring Centre Unveils First Damage Assessment
The British Cyber Monitoring Centre (CMC) has released its first official assessment of the damage caused by recent cyberattacks that disrupted major retail chains across the country. According to estimates, total financial losses range...
The post UK Retail Cyberattacks Cost Up to £440M: Cyber Monitoring Centre Unveils First Damage Assessment appeared first on Penetration Testing Tools.
Users lack control as major AI platforms share personal info with third parties
Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control over how their information is stored, used, or shared, according to Incogni. AI platforms trap user data in training Many of these platforms, including Google’s Gemini, Meta AI, DeepSeek, and Pi.ai, do not appear to …
The post Users lack control as major AI platforms share personal info with third parties appeared first on Help Net Security.
Millions of Books Stolen, Authors in Court, and Anthropic Triumphs. Now AI Dictates the Rules
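Minecraft Players Hit by Stargazers Malware: Hackers Exploit the Modding Ecosystem and GitHub to Steal Credentials
A large-scale malware campaign specifically targets Minecraft players, using malicious mods and deceptive techniques to infect Windows devices and steal credentials, authentication tokens, and cryptocurrency wallets via infostealers.
The campaign, discovered by Check Point Research, is run by the Stargazers Ghost Network and leverages the massive Minecraft modding ecosystem and legitimate services such as GitHub to reach a large audience of potential targets.
Check Point saw thousands of views or hits on the Pastebin links that the threat actors use to deliver payloads to targeted devices, which indicates the broad reach of this campaign.
Stealthy Minecraft malware
The Stargazers Ghost Network is a distribution-as-a-service (DaaS) operation that has been active on GitHub since last year, first documented by Check Point in a campaign involving 3,000 accounts spreading false information.
The same operation, boosted by fake GitHub stars, was observed infecting more than 17,000 systems in late 2024 using a new Godot-based malware.
The latest campaign, described by Check Point researchers Jaromír Hořejší and Antonis Terefos, targets Minecraft with Java malware that evades detection by all antivirus engines.
The researchers found multiple GitHub repositories run by Stargazers, disguised as Minecraft mods and cheat tools such as Skyblock Extras, Polar Client, FunnyMap, Oringo, and Taunahi.
Antonis Terefos said that about 500 GitHub repositories have been identified so far, including forked or copied ones, as part of the operation targeting Minecraft players. In addition, about 700 stars produced by roughly 70 accounts were seen.
Four repositories involved in this operation
Once executed in Minecraft, the first-stage JAR loader uses a base64-encoded URL to download the next stage from Pastebin, fetching a Java-based stealer.
This stealer targets Minecraft account tokens and user data from the Minecraft launcher and popular third-party launchers such as Feather, Lunar, and Essential.
It also attempts to steal Discord and Telegram account tokens, sending the stolen data to the attacker's server via HTTP POST requests.
The Java stealer also acts as a loader for the next stage, a .NET-based stealer named "44 CALIBER", a more "traditional" information stealer that attempts to steal information stored in web browsers, VPN account data, cryptocurrency wallets, Steam, Discord, and other applications.
Infection chain overview
44 CALIBER also collects system information and clipboard data, and can capture screenshots of the victim's computer.
The researchers said: "After deobfuscation, we can observe that it steals various credentials from browsers (Chromium, Edge, Firefox), files (Desktop, Documents, %USERPROFILE%/Source), cryptocurrency wallets (Armory, AtomicWallet, bitcoore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, Jaxx), VPNs (ProtonVPN, OpenVPN, NordVPN), Steam, Discord, FileZilla, Telegram."
The stolen data is exfiltrated through Discord webhooks, accompanied by Russian comments. This clue, combined with UTC+3 commit timestamps, suggests that the operators of this campaign are Russian.
Check Point shares the full indicators of compromise (IoCs) at the bottom of its report to help detect and block the threat.
To stay safe, Microsoft players should only download mods from reputable platforms and verified community portals. If prompted to download from GitHub, check the number of stars, forks, and contributors, scrutinize the commits for signs of fake activity, and check recent actions on the repository. Finally, it is prudent to use a separate "burner" Minecraft account when testing mods and to avoid logging in to the main account.
Why Sunlight Evaporates Water So Efficiently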
CVE-2014-9179 | SupportEzzy Ticket System 1.2.5 cross site scripting (File 129103/Wor / EDB-35218)
US Warns of Iranian Cyberattacks After Airstrikes: Truth Social Hit, Infrastructure at Risk
The United States has issued a warning regarding potential cyberattacks from pro-Iranian groups following a series of airstrikes on Iran’s nuclear facilities—strikes that have escalated into an armed conflict between Iran and Israel, which...
The post US Warns of Iranian Cyberattacks After Airstrikes: Truth Social Hit, Infrastructure at Risk appeared first on Penetration Testing Tools.
Crypto Black Markets Rebound: Telegram’s Purge Fails as Money Laundering Hubs Resurface
In May, Telegram launched what appeared to be a decisive strike against the shadowy Chinese-speaking underworld of cryptocurrency fraud by blocking its largest marketplaces—platforms rife with services for money laundering, the trade of stolen...
The post Crypto Black Markets Rebound: Telegram’s Purge Fails as Money Laundering Hubs Resurface appeared first on Penetration Testing Tools.