unSafe.sh - Not Safe
Sendit sued by the FTC for illegal collection of children data
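The US Federal Trade Commission has sued Sendit and its CEO, alleging illegal collection of minors' data and deceptive subscription practices. The app targets teenage users, collected children's personal information without parental consent, and generated fake anonymous messages to mislead users into buying paid memberships. These practices violate the Children's Online Privacy Protection Act, the Federal Trade Commission Act and other rules....
2025-9-30 20:0:26 | Reads: 2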
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
sendit
ftc
holdings
membership
anonymous
New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing tool, MatrixPDF, allows attackers to turn regular PDFs into interactive traps that bypass email security and redirect users to credential theft or malware. Discovered by Varonis researchers, it was first seen on a cybercrime forum and uses Telegram for buyer interaction. The tool enables attackers to add malicious features like blurred content, fake prompts, and clickable overlays that lead to external payloads. It can also embed JavaScript to trigger malicious actions when users open or interact with the document. Tests showed that these PDFs can bypass Gmail's phishing filters since they don't contain malicious binaries but rely on external links. Varonis warns of the popularity of PDFs in phishing attacks and suggests AI-driven email security to detect and block such threats....
2025-9-30 19:0:20 | Reads: 3
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
matrixpdf
phishing
varonis
malicious
pdfs
WestJet confirms recent breach exposed customers' passports
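Canadian airline WestJet suffered a cyberattack that exposed sensitive customer information such as passports and identity documents. The incident affects data including names, dates of birth, addresses and travel documents. Although key financial information such as credit card numbers was not involved, the company still needs to further determine the scope of impact and is offering customers two years of free identity theft protection services....
2025-9-30 18:45:20 | Reads: 1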
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
westjet
mastercard
rbc
airline
Windows 11 2025 Update (25H2) is now available, Here's what's new
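Microsoft has released Windows 11 25H2 (the 2025 Update), a minor update that shares platform features and fixes with 24H2. It is delivered through an eKB package (smaller than 200KB) and is rolling out gradually. It adds vulnerability detection and AI-assisted secure coding; the Enterprise edition supports Wi-Fi 7 and removal of some preinstalled apps. Consumer editions get no significant new features; PowerShell 2.0 and WMIC are removed, and the support period is extended to 36 months (Enterprise) or 24 months (Pro)....
2025-9-30 18:0:24 | Reads: 2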
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
25h2
microsoft
ekb
24h2
Critical WD My Cloud bug allows remote command injection
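Western Digital has fixed a critical vulnerability, CVE-2025-30247, in its My Cloud NAS line that allows remote execution of system commands. Affected models include the PR2100, PR4100 and others, and some devices are past their support period. Users are advised to update to firmware 5.31.108 as soon as possible to avoid the risk of data exposure or system compromise....
2025-9-30 17:0:26 | Reads: 5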
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
cloud
firmware
western
exploited
dl4100
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
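Cisco ASA/FTD devices are affected by the critical vulnerabilities CVE-2025-20333 and CVE-2025-20362, impacting about 50,000 internet-exposed devices. Attackers are actively exploiting these flaws. CISA has issued an emergency directive requiring devices to be upgraded to address the risk....
2025-9-30 17:0:24 | Reads: 4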
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
asa
ftd
security
20362
20333
Chinese hackers exploiting VMware zero-day since October 2024
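Broadcom has fixed a high-severity privilege escalation vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools that has been exploited in zero-day attacks since October 2024. European cybersecurity company NVISO disclosed that the vulnerability is linked to the Chinese threat group UNC5174 and allows unprivileged users to escalate privileges to root through a malicious binary. Broadcom also fixed two other high-severity VMware NSX vulnerabilities reported by the NSA....
2025-9-30 15:0:28 | Reads: 7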
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
exploited
unc5174
security
broadcom
aria
VMware Certification Is Surging in a Shifting IT Landscape
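Demand for IT certification is rising, making it key to handling hybrid infrastructure, multi-cloud operations and modern security challenges. Certification raises a team's financial value and security expertise and ensures consistency across multi-cloud environments. It also strengthens individual career resilience and helps companies cope with talent shortages and skills gaps. VMware certification provides reliable assurance through training and exams....
2025-9-30 14:15:21 | Reads: 2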
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
certified
expertise
cloud
vmug
Microsoft fixes Windows DRM video playback issues for some users
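Microsoft says it has partially resolved issues such as black screens and stuttering when playing protected video on Windows 11 24H2 systems after installing the August preview update. The problem affects Digital TV and Blu-ray/DVD applications and can cause copyright protection errors or playback interruptions. Microsoft fixed the issue for some users by releasing the September preview update KB5065789....
2025-9-30 14:0:23 | Reads: 2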
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
microsoft
drm
screens
redmond
Broadcom fixes high-severity VMware NSX bugs reported by NSA
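Broadcom has fixed two high-severity vulnerabilities in VMware NSX (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames and launch brute-force attacks or gain unauthorized access. Other security issues were also fixed earlier, and VMware products are noted as targets for hackers and cybercriminals because of their wide enterprise use....
2025-9-30 12:15:24 | Reads: 5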
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
broadcom
exploited
vcenter
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure
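London's Metropolitan Police have cracked the largest cryptocurrency money laundering case in history, involving more than £5.5 billion. The suspect, Qian Zhimin, defrauded 128,000 Chinese victims using Bitcoin and moved the proceeds to the UK. Police seized 61,000 bitcoins, setting the world record for the largest single cryptocurrency seizure....
2025-9-29 22:30:29 | Reads: 15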
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
qian
seizure
met
criminal
investors
Japan's largest brewer suspends operations due to cyberattack
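Asahi Group, Japan's largest brewer, suffered a cyberattack that disrupted its ordering, shipping and customer service operations in Japan. It is investigating possible data leakage and working to restore systems, and has not yet determined the source of the attack or a recovery time....
2025-9-29 20:45:22 | Reads: 4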
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
asahi
japan
cyberattack
ltd
holdings
Ransomware gang sought BBC reporter’s help in hacking media giant
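A threat actor claiming to represent the Medusa ransomware group tried to lure a BBC reporter with money into becoming an insider, in order to break into its systems and demand a ransom....
2025-9-29 17:45:19 | Reads: 5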
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
tidy
medusa
bbc
journalist
ransomware
UK govt backs JLR with £1.5 billion loan guarantee after cyberattack
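The UK government is providing Jaguar Land Rover with a £1.5 billion loan guarantee to restore its supply chain, which was disrupted by a cyberattack. The loan is provided by a commercial bank, with the government bearing most of the repayment risk, runs for five years, and is to be used to pay suppliers and restart production. The cyberattack halted production at Jaguar Land Rover, data was stolen, and the UK car industry and employment were affected. The company is working with experts to gradually restore operations....
2025-9-29 16:45:18 | Reads: 6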
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
jlr
loan
scattered
cyberattack
Brave launches 'Ask Brave' feature to fuse AI with traditional search
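Brave has launched a new system, Ask Brave, which integrates search and AI chat in a single interface. It is free to use and can be triggered with a double question mark or a button. It offers standard and deep research modes and emphasizes privacy protection....
2025-9-29 16:15:18 | Reads: 6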
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
brave
answers
combines
unnecessary
Harrods suffers new data breach exposing 430,000 customer records
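British luxury retailer Harrods had 430,000 customer records exposed, including names and contact details, after a third-party supplier was hacked. The incident is unrelated to the cyberattack in May. The company has notified affected customers and is working with authorities in response....
2025-9-29 14:30:27 | Reads: 5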
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
harrods
luxury
goods
spider
branded
OpenAI is routing GPT-4o to safety models when it detects harmful activities
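GPT-4o sometimes routes conversations to other models to handle sensitive topics. This is seen as a safety measure by OpenAI, but it has drawn dissatisfaction from some users....
2025-9-29 12:15:24 | Reads: 7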
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
gpt
4o
chatgpt
openai
Akira ransomware breaching MFA-protected SonicWall VPN accounts
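Akira ransomware attacks on SonicWall SSL VPN devices continue to escalate. Attackers have successfully bypassed OTP multi-factor authentication, possibly by stealing OTP seeds. Although SonicWall fixed the CVE-2024-40766 vulnerability, attackers are still using previously stolen credentials to break into corporate networks, quickly scan internal networks and deploy malware, and use malicious drivers to bypass security measures....
2025-9-28 19:0:23 | Reads: 16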
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
otp
seeds
wolf
akira
arctic
EU probes SAP over anti-competitive ERP support practices
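The European Commission is investigating German software company SAP for allegedly abusing its dominant market position in after-sales services for ERP software. Complaints say SAP forces customers to buy unified support services, prevents mixing with other vendors, does not allow termination of support for unused licenses, extends license terms and charges high reinstallation fees. These practices may restrict third-party competition and impose unfair conditions on customers....
2025-9-28 17:45:20 | Reads: 4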
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
erp
software
commission
competition
european
Dutch teens arrested for trying to spy on Europol for Russia
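Two 17-year-old Dutch teenagers have been arrested on suspicion of spying for Russia. They used a WiFi sniffer to collect information near Europol and other institutions. Dutch police arrested the two based on leads provided by the intelligence service. Although the device was used in a reconnaissance phase, no signs of system compromise were found. The case shows an escalation in Russia's low-level recruitment of teenagers....
2025-9-27 20:0:28 | Reads: 7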
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
europol
arrested
boys
security
telegraaf