资讯

The Hacker News3 小时
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Fake AI installers for ChatGPT and InVideo deliver ransomware and info-stealers via SEO scams and social ads, targeting ...
The Hacker News6 小时
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Malware with corrupted DOS and PE headers evades detection for weeks, decrypts TLS-based C2 and enables full attacker control ...
The Hacker News14 小时
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
CVE-2025-47577 flaw in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files—no patch yet, 100K+ ...
The Hacker News13 小时
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called ...
The Hacker News9 小时
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer ...
The Hacker News1 天
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading ...
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited ...
The Hacker News1 天
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
Iranian hacker pleads guilty to Robbinhood ransomware attacks causing $19M+ in losses, crippling U.S. cities via BYOVD and ...
The Hacker News1 天
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
In March 2024, the DoJ indicted seven hackers associated with APT31, accusing them of engaging in sweeping cyber espionage ...
The Hacker News1 天
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Amazon-hosted IPs scanned 75 tech targets on May 8 in a one-day exploit surge, showing orchestrated cloud-based recon.
The Hacker News2 天
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading ...
The Hacker News1 天
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more ...
The Hacker News2 天
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.