New Shai-Hulud malware wave compromises 600 npm packages Threat actors earlier today published more than 600 malicious packages to the Node Package M... 2026-5-19 14:32:14 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com hulud shai github antv security

Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation Authored by: Morey J. Haber, Chief Security Advisor, BeyondTrust, and James Maude, Field Chi... 2026-5-19 14:16:54 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security microsoft beyondtrust chief

7-Eleven confirms data breach claimed by the ShinyHunters gang Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberat... 2026-5-19 14:16:53 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com eleven giant extortion claimed

Webinar: The hidden bottlenecks in network incident response IT teams now get deluged by alerts from monitoring platforms, infrastructure systems, identi... 2026-5-19 12:33:25 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com workflows network operational webinar delays

Microsoft confirms patching issues in restricted Windows networks Microsoft says customers in restricted network environments may encounter Windows Update fai... 2026-5-19 11:31:51 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com windows microsoft download security network

INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operatio... 2026-5-18 22:17:32 | 阅读: 18 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com interpol phishing suspects arrested authorities

SHub macOS infostealer variant spoofs Apple security updates A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security updat... 2026-5-18 21:47:33 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com shub malicious reaper applescript infostealer

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees When an employee installs an AI writing assistant, connects a coding copilot to their IDE, o... 2026-5-18 18:46:45 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security approved shadow evaluation governance

Leaked Shai-Hulud malware fuels new npm infostealer campaign The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manag... 2026-5-18 17:33:20 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com hulud shai teampcp oxsecurity github

Grafana says stolen GitHub token let hackers steal codebase Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitH... 2026-5-18 13:47:54 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com extortion paying publishing

Microsoft testing adjustable taskbar, Start menu in Windows 11 Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the... 2026-5-18 11:31:52 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com taskbar windows microsoft dialog insiders

Microsoft confirms Windows 11 security update install issues Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to in... 2026-5-18 08:49:12 | 阅读: 7 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com windows microsoft security 2026

Exploit available for new DirtyDecrypt Linux root escalation flaw A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk modul... 2026-5-18 07:31:43 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security rxgk fedora network

Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting... 2026-5-18 05:46:54 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com pwn2own contest microsoft windows berlin

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege e... 2026-5-17 22:31:55 | 阅读: 28 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com windows microsoft eclipse chaotic cloud

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi cli... 2026-5-17 14:46:51 | 阅读: 17 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft phishing tycoon2fa victim esentire

Microsoft rejects critical Azure vulnerability report, no CVE issued A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability a... 2026-5-16 21:1:55 | 阅读: 25 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft backup leary security aks

The Gentlemen ransomware now uses SystemBC for bot-powered attacks 好的，我现在需要帮用户总结一篇文章，控制在100字以内。用户给的文章内容比较复杂，涉及Gentlemen勒索软件、SystemBC代理恶意软件僵尸网络等。 首先，我需要通读整篇文章，抓住主要信息。文章提到Gentlemen勒索软件攻击了罗马尼亚最大的能源公司，并且Check Point发现了超过1570个受感染的主机，这些受害者主要是企业。SystemBC被用来作为代理恶意软件，用于分发恶意负载。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖关键点：Gentlemen勒索软件、攻击事件、Check Point的发现、受感染的企业数量以及SystemBC的作用。 然后，检查是否有遗漏的重要信息。比如文章提到Gentlemen RaaS的发展情况、加密方案以及他们在地下论坛招募 affiliate 等。但为了简洁，可能不需要全部包含进去。 最后，组织语言，确保句子通顺且信息完整。避免使用复杂的术语，让总结更易理解。 </think> Gentlemen 勒索软件攻击了罗马尼亚大型能源公司等目标，Check Point 发现其利用 SystemBC 代理恶意软件僵尸网络感染超 1,570 个企业主机。该僵尸网络用于分发恶意负载并支持横向移动及加密操作。... 2026-4-20 20:16:41 | 阅读: 26 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ransomware gentlemen systembc 570 proxy

Seiko USA website defaced as hacker claims customer data theft 好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解主要信息。 文章讲的是Seiko USA的网站被黑了，显示了一个黑客的信息。黑客声称窃取了Shopify的客户数据库，并威胁如果不支付赎金就会泄露数据。他们展示了“HACKED”的页面，警告已经访问了后端并下载了敏感信息。被窃取的数据包括客户姓名、邮箱、电话、订单记录、地址等。黑客给了72小时让公司联系他们，否则就公开数据。BleepingComputer无法确认攻击者身份和威胁的真实性，Seiko USA也没有回应。 接下来，我需要把这些信息浓缩到100字以内。要抓住关键点：网站被黑、数据被盗、威胁泄露、赎金要求、涉及的数据类型、时间限制以及公司未回应。 可能的结构是：先说明事件，然后描述黑客的要求和威胁，接着提到数据内容和时间限制，最后提到公司的反应情况。 检查一下字数是否符合要求，并确保没有遗漏重要信息。 </think> Seiko USA网站被黑，显示黑客窃取Shopify客户数据库并威胁泄露以索要赎金。页面警告已访问后端并下载敏感信息，包括姓名、邮箱、电话、订单记录等。黑客要求72小时内联系，否则将公开数据。Seiko USA未回应事件。... 2026-4-20 18:31:2 | 阅读: 25 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com shopify seiko database usa attackers

Microsoft: Teams increasingly abused in helpdesk impersonation attacks 好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户已经给出了文章的详细内容，我得先仔细阅读并理解其中的关键信息。 文章主要讲的是微软警告黑客滥用Teams协作功能，伪装成IT人员诱骗员工提供远程访问权限。黑客利用合法工具如Quick Assist和Rclone进行横向移动和数据窃取。攻击过程分为多个阶段，包括初始接触、侦察、植入恶意软件、横向移动和数据外泄。微软建议限制远程工具的使用，并监控异常活动。 接下来，我需要提取这些关键点：威胁行为者、滥用Teams、伪装IT人员、诱骗提供访问权限、利用合法工具、多阶段攻击链、数据窃取建议措施等。 然后，我要把这些信息浓缩到100字以内，确保涵盖主要威胁、攻击方法和微软的建议。要注意用词简洁明了，避免重复。 最后，检查一下是否符合用户的要求：直接写描述，不使用特定开头语，并且控制在100字以内。 </think> 微软警告称，黑客正滥用Microsoft Teams协作功能，伪装成IT或客服人员诱骗员工提供远程访问权限。通过合法工具如Quick Assist和Rclone进行横向移动和数据窃取。攻击链分九个阶段，从初始接触到数据外泄。微软建议限制远程工具使用并监控异常活动。... 2026-4-20 15:16:17 | 阅读: 22 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft remote malicious stage software