资讯

The Hacker News22 小时
U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
Leonidas Varagiannis (aka War), 21, and Prasan Nepal (aka Trippy), 20, the two alleged leaders of a child extortion group 764 ...
The Hacker News17 小时
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
Iranian threat actor Lemon Sandstorm accessed Middle East CNI from 2023–2025 using VPN flaws, web shells, and 8 custom tools.
The Hacker News17 小时
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.
The Hacker News1 天
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2 ...
The Hacker News1 天
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency ...
The Hacker News1 天
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
Prompt injection flaws in Anthropic’s MCP and Google’s A2A protocols enable covert data exfiltration and AI manipulation.
The Hacker News2 天
Why top SOC teams are shifting to Network Detection and Response
NDR solutions uncover hidden threats missed by legacy tools by analyzing encrypted traffic, lateral movement, and blind spots ...
The Hacker News2 天
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Phishing attacks deliver DarkWatchman and Sheriff malware; targets span Russia, Ukraine, Baltics, with stealth and ...
The Hacker News1 天
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
"Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users ...
The Hacker News2 天
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.
The Hacker News3 天
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About
The report found a median account takeover exposure rate of 1.4% among platforms ranging from 5 million to 300 million users.
The Hacker News4 天
Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023 but an ...