Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack read file error: read notes: is a directory... 2025-9-8 19:20:56 | 阅读: 15 | 收藏 | Security Affairs - securityaffairs.com salesloft drift github breached

Canadian investment platform Wealthsimple disclosed a data breach read file error: read notes: is a directory... 2025-9-8 14:10:58 | 阅读: 28 | 收藏 | Security Affairs - securityaffairs.com security software investment paganini

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies read file error: read notes: is a directory... 2025-9-8 09:9:55 | 阅读: 4 | 收藏 | Security Affairs - securityaffairs.com huawei president maduro x6 mate

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure 捷克网络安全机构警告中国技术对关键基础设施的风险，包括设备数据传输和远程控制能力。涉及领域包括能源、医疗、交通和政府。中国网络间谍组织APT31被指攻击捷克及北约盟国。... 2025-9-8 00:5:55 | 阅读: 10 | 收藏 | Security Affairs - securityaffairs.com czech nukib apt31 healthcare warns

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61 read file error: read notes: is a directory... 2025-9-7 18:0:4 | 阅读: 13 | 收藏 | Security Affairs - securityaffairs.com remembering repeat visits

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION read file error: read notes: is a directory... 2025-9-7 17:34:53 | 阅读: 14 | 收藏 | Security Affairs - securityaffairs.com remembering repeat visits

Qantas cuts executive bonuses by 15% after a July data breach read file error: read notes: is a directory... 2025-9-6 13:56:49 | 阅读: 64 | 收藏 | Security Affairs - securityaffairs.com qantas bonuses flyer frequent cuts

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel read file error: read notes: is a directory... 2025-9-6 09:35:17 | 阅读: 19 | 收藏 | Security Affairs - securityaffairs.com meetc2 cloud c2 polling googleapis

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation SAP S/4HANA软件存在严重漏洞CVE-2025-42957（CVSS评分9.9），允许低权限用户通过注入ABAP代码完全控制系统，创建超级用户账户并窃取数据。该漏洞影响所有版本的S/4HANA，并已遭在野利用。供应商已修复此问题。... 2025-9-5 20:8:35 | 阅读: 12 | 收藏 | Security Affairs - securityaffairs.com 4hana attacker 42957 abap

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog 美国网络安全和基础设施安全局（CISA）将Sitecore、Android和Linux的多个漏洞加入其已知被利用的漏洞目录。其中包括Linux内核的TOCTOU竞态条件漏洞、Android运行时未指定漏洞以及Sitecore产品的反序列化数据漏洞。Google修复了120个Android漏洞，并指出其中两个已被用于定向攻击。CISA要求联邦机构在9月25日前修复这些漏洞以应对潜在威胁。... 2025-9-5 11:36:33 | 阅读: 10 | 收藏 | Security Affairs - securityaffairs.com exploited sitecore catalog security

SVG files used in hidden malware campaign impersonating Colombian authorities VirusTotal发现一个隐藏恶意软件活动利用SVG文件伪装哥伦比亚司法系统。攻击者通过隐藏JavaScript构建虚假登录页面并传播恶意软件。该恶意SVG双重功能：诱骗用户输入信息并秘密下载恶意ZIP文件。传统杀毒软件无法检测此类威胁，需更深入分析才能发现其隐藏行为。... 2025-9-5 09:55:3 | 阅读: 31 | 收藏 | Security Affairs - securityaffairs.com malicious insight phishing colombian undetected

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules 法国数据监管机构CNIL因违反cookie规则分别对Google罚款3.25亿欧元、Shein罚款1.5亿欧元。Google因在Gmail中展示广告未获用户同意被罚，Shein则因多项cookie违规行为受罚。... 2025-9-5 07:28:54 | 阅读: 7 | 收藏 | Security Affairs - securityaffairs.com cnil shein french regard

$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure read file error: read notes: is a directory... 2025-9-4 19:3:39 | 阅读: 6 | 收藏 | Security Affairs - securityaffairs.com fsb officers network 0171 dragonfly

Severe Hikvision HikCentral product flaws: What You Need to Know Hikvision HikCentral软件存在三个安全漏洞,其中最高风险的CVE-2025-39247允许未认证用户获取管理员权限,威胁组织安全基础设施。建议受影响用户立即更新至最新版本以修复漏洞。... 2025-9-4 10:37:6 | 阅读: 7 | 收藏 | Security Affairs - securityaffairs.com hikcentral hikvision security attacker privileges

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog 美国网络安全机构CISA将TP-Link Archer C7(EU)和TL-WR841N路由器的两个漏洞加入已知被利用漏洞目录。其中一个漏洞允许未认证攻击者绕过认证获取凭据（CVSS 6.5），另一个为命令注入漏洞（CVSS 8.6）。设备已停产，厂商建议用户更换或打补丁。CISA要求联邦机构于9月24日前修复相关漏洞以应对潜在攻击风险。... 2025-9-4 07:44:7 | 阅读: 9 | 收藏 | Security Affairs - securityaffairs.com wr841n tl c7 catalog

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities 犯罪分子利用HexStrike AI工具攻击新漏洞，Check Point指出该工具被用于快速利用零日漏洞，缩短攻击时间并增加风险。... 2025-9-3 19:43:40 | 阅读: 7 | 收藏 | Security Affairs - securityaffairs.com hexstrike security discussing agents

Google addressed two Android flaws actively exploited in targeted attacks read file error: read notes: is a directory... 2025-9-3 17:37:8 | 阅读: 5 | 收藏 | Security Affairs - securityaffairs.com exploited addressed security severe

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog 美国网络安全机构CISA将WhatsApp授权绕过漏洞（CVE-2025-55177）及TP-Link设备身份验证缺陷（CVE-2020-24363）加入已知被利用漏洞目录，并要求联邦机构于9月23日前修复相关问题。... 2025-9-3 12:9:29 | 阅读: 10 | 收藏 | Security Affairs - securityaffairs.com exploited catalog security attackers

Android droppers evolved into versatile tools to spread malware Android 分发器演变为多功能工具，用于传播银行木马、短信窃取器和间谍软件，并伪装成政府或银行应用在亚洲地区传播。Google 的 Pilot Program 虽加强了安全检查，但分发器通过延迟加载真实载荷绕过检测。研究人员发现 RewardDropMiner 等分发器可避开 Play Protect 和 Pilot Program，并建议持续优化防御策略以应对不断进化的威胁。... 2025-9-3 09:41:56 | 阅读: 8 | 收藏 | Security Affairs - securityaffairs.com droppers pilot spyware evade pierluigi

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft read file error: read notes: is a directory... 2025-9-3 08:8:47 | 阅读: 7 | 收藏 | Security Affairs - securityaffairs.com jlr rover jaguar cyberattack retail