Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it read file error: read notes: is a directory... 2025-9-2 10:15:12 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com security attacker malicious developers fixation

How attackers adapt to built-in macOS protection 文章介绍了macOS的安全机制（如Keychain、TCC、SIP、File Quarantine、Gatekeeper和XProtect），分析了常见攻击方式及其绕过方法，并提供了检测和防御建议。... 2025-8-29 10:30:15 | 阅读: 22 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com security keychain library spctl keychains

Exploits and vulnerabilities in Q2 2025 read file error: read notes: is a directory... 2025-8-27 10:15:13 | 阅读: 22 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com q2 security c2 exploited

Modern vehicle cybersecurity trends 现代汽车正向数字化发展,提供智能系统与便利功能,但也扩大了网络安全风险。车内网络复杂,不同车型安全架构差异大,未来可能面临更多威胁,尤其是针对车队和商用车辆的攻击风险增加。... 2025-8-22 09:15:14 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com vehicles vehicle security remote

GodRAT – New RAT targeting financial institutions 2024年9月发现针对金融行业的恶意攻击，通过Skype分发伪装成财务文件的恶意屏幕保护程序文件，部署名为GodRAT的远程访问木马（RAT），基于Gh0st RAT代码，并利用隐写术隐藏恶意代码。攻击者还使用AsyncRAT作为辅助植入程序以维持长期访问。该活动持续至2025年8月，主要针对香港和阿联酋等地。... 2025-8-19 11:15:13 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com godrat shellcode scr c2 injector

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 read file error: read notes: is a directory... 2025-8-18 09:0:16 | 阅读: 46 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com pipemagic attackers payload memory loader

New trends in phishing and scams: how AI and social media are changing the game read file error: read notes: is a directory... 2025-8-13 08:45:12 | 阅读: 21 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com phishing victim bots attackers translate

Scammers mass-mailing the Efimer Trojan to steal crypto read file error: read notes: is a directory... 2025-8-8 09:15:11 | 阅读: 18 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com trojan efimer c2 phrases ntdlg

Driver of destruction: How a legitimate driver is being used to take down AV processes 文章描述了一起利用恶意软件“AV killer”攻击事件，该软件通过滥用ThrottleStop.sys驱动终止杀毒进程并降低系统防御。攻击者通过有效凭证入侵SMTP服务器后横向移动，并部署MedusaLocker勒索软件加密系统。... 2025-8-6 10:15:13 | 阅读: 24 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com killer memory attacker security

Cobalt Strike Beacon delivered via GitHub and social media 2024年下半年，俄罗斯IT行业及其他国家实体遭遇网络攻击。攻击者利用DLL劫持、API混淆等技术，并通过社交平台隐藏恶意软件。攻击主要通过伪装成合法通信的钓鱼邮件传播，目标为俄罗斯IT公司为主，波及多国。... 2025-7-30 09:30:19 | 阅读: 26 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com malicious hxxps microsoft attackers

ToolShell: a story of five vulnerabilities in Microsoft SharePoint 在2025年7月19日至20日，安全公司和国家CERT报告称，在Premise SharePoint服务器上活跃利用了两个漏洞（CVE-2025-49704和CVE-2025-49706），允许无认证控制服务器。微软发布了针对其他漏洞的补丁（CVE-2025-53770和CVE-2025-53771），但引发混淆。攻击影响全球多国多行业。Kaspersky检测到恶意活动并提供防护建议。... 2025-7-25 07:0:20 | 阅读: 18 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com microsoft 49704 layouts 49706

Rumble in the jungle: APT41’s new target in Africa read file error: read notes: is a directory... 2025-7-21 08:0:0 | 阅读: 38 | 收藏 | Securelist - securelist.com attackers windows malicious cobalt library

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia read file error: read notes: is a directory... 2025-7-17 08:0:53 | 阅读: 23 | 收藏 | Securelist - securelist.com exchange proxy attacker

Forensic journey: Breaking down the UserAssist artifact structure read file error: read notes: is a directory... 2025-7-14 10:0:6 | 阅读: 27 | 收藏 | Securelist - securelist.com userassist fireevent ueme ctlsession nmax

Code highlighting with Cursor AI for $500,000 read file error: read notes: is a directory... 2025-7-10 11:15:19 | 阅读: 28 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com malicious solidity attackers powershell developer

Approach to mainframe penetration testing on z/OS. Deep dive into RACF 文章探讨了IBM z/OS大型机上的RACF安全包，分析了其决策逻辑、数据库结构及实体间交互关系，并介绍了一款名为racfudit的工具，用于离线分析RACF配置以识别潜在安全漏洞和权限提升路径。... 2025-7-8 10:0:16 | 阅读: 29 | 收藏 | Securelist - securelist.com racf database phrase des

Batavia spyware steals data from Russian organizations 这篇文章描述了针对俄罗斯工业组织的Batavia间谍软件攻击活动。攻击始于2024年7月，通过伪装成合同的钓鱼邮件传播。恶意软件分为三个阶段：VBS脚本下载恶意文件、WebView.exe收集系统信息并下载下一阶段恶意软件、javav.exe扩展文件收集范围并使用UAC绕过技术执行更多恶意操作。攻击导致大量内部文档和系统信息被盗。... 2025-7-7 10:0:26 | 阅读: 21 | 收藏 | Securelist - securelist.com malicious oblast download stage javav

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025 中小企业面临日益严重的网络攻击威胁，包括伪装成流行工具的恶意软件和AI驱动的钓鱼攻击。需加强安全措施如员工培训、使用官方来源软件等以降低风险。... 2025-6-25 10:0:12 | 阅读: 19 | 收藏 | Securelist - securelist.com smbs malicious security microsoft phishing

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play 研究人员发现新的间谍软件通过感染的应用程序进入苹果和安卓官方应用商店，目标是窃取用户照片，包括加密钱包种子短语。该活动自2024年2月起活跃，并与之前的SparkCat间谍软件相关联，主要针对东南亚和中国用户。... 2025-6-23 08:0:37 | 阅读: 17 | 收藏 | Securelist - securelist.com malicious hxxps c2 trojan aliyuncs

Toxic trend: Another malware threat targets DeepSeek 研究人员发现威胁分子利用DeepSeek-R1聊天机器人热度展开攻击。他们通过malvertising在Google Ads投放广告，诱导用户访问伪造的DeepSeek官网。该网站会下载恶意安装程序AI_Launcher_1.21.exe，在用户不知情的情况下安装BrowserVenom代理劫持软件。该恶意软件会将所有浏览器配置为使用指定代理服务器，使攻击者能够监控和劫持用户的网络流量。攻击影响全球多个国家和地区。... 2025-6-11 10:0:50 | 阅读: 24 | 收藏 | Securelist - securelist.com malicious deepseek proxy captcha x509store