University of Pennsylvania confirms new data breach after Oracle hack 宾夕法尼亚大学遭遇数据泄露，攻击者利用Oracle E-Business Suite服务器中的零日漏洞窃取1488人的个人信息。近期多所常春藤盟校也遭类似攻击。Clop勒索团伙涉嫌利用该漏洞进行大规模数据窃取活动。美国国务院悬赏1000万美元追踪相关线索。... 2025-12-2 13:0:26 | 阅读: 8 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com penn ebs clop alumni

Windows 11 KB5070311 update fixes File Explorer freezes, search issues 好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。用户给的文章是关于微软发布的KB5070311预览累积更新的，针对Windows 11系统。 首先，我要通读文章，抓住主要信息。文章提到这个更新是可选的预览版，包含49项改进，包括修复文件资源管理器冻结、搜索问题以及任务栏无响应的问题。此外，还提到了一些新功能，比如改进搜索结果菜单、支持更多摄像头效果等。最后提到微软在12月不会发布预览更新，计划在1月恢复。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖更新的主要内容和关键改进点，同时保持语言简洁明了。 可能会先列出关键点：KB5070311更新、修复的问题、新增功能、发布计划调整。然后将这些点连贯地组织起来。 最后检查字数是否符合要求，并确保没有遗漏重要信息。 </think> 微软发布了Windows 11的KB5070311预览累积更新，修复了文件资源管理器冻结、搜索问题及任务栏无响应等49项改进。该可选更新不含安全补丁，并新增搜索结果菜单滚动条和更多摄像头支持等功能。微软计划暂停12月的预览更新发布。... 2025-12-2 11:30:22 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security windows kb5070311 microsoft monthly

Glassworm malware returns in third wave of malicious VS Code packages Glassworm恶意软件通过伪装成合法VS Code扩展，在OpenVSX和微软Visual Studio Marketplace平台上分发。其第三波攻击新增24个恶意包，利用不可见Unicode字符隐藏代码，并窃取开发者账户及钱包数据。攻击者通过提升下载量和操控搜索结果来增强可信度。该恶意软件已进化为使用Rust植入程序，并持续绕过平台防御机制。... 2025-12-1 21:15:23 | 阅读: 5 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com vscode openvsx annex glassworm vsce

SmartTube YouTube app for Android TV breached to push malicious update 好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内，并且直接写描述，不需要开头。首先，我得仔细阅读文章内容，抓住关键点。 文章讲的是SmartTube这个开源的YouTube客户端被攻击了。攻击者获取了开发者的签名密钥，导致恶意更新被推送给了用户。Play Protect检测到问题并警告用户。开发者Yuriy Yuliskov承认密钥被泄露，导致恶意软件注入应用。他撤销了旧签名，并计划发布新版本，但新版本还没到GitHub。用户发现注入了一个隐藏的库libalphasdk.so，可能用于收集设备信息和远程控制。虽然目前没发现恶意行为，但风险很高。开发者还没详细说明事件经过，导致信任问题。建议用户使用旧版本，并更改密码。 现在要总结这些内容，控制在100字以内。我需要涵盖攻击事件、影响、开发者应对措施以及建议。 可能的结构：SmartTube因开发者密钥泄露被攻击，恶意软件注入应用，导致安全风险。Play Protect检测到问题。开发者撤销签名并计划发布新版本，但未公开详细信息。建议用户使用旧版本并更改密码。 检查字数是否在限制内，并确保信息准确。 </think> SmartTube开源YouTube客户端因开发者签名密钥泄露遭攻击，恶意软件注入应用引发安全风险。Play Protect检测到异常后警告用户。开发者撤销旧签名并计划发布新版本以应对问题，但未公开详细信息。建议用户使用已知安全的旧版本，并采取额外安全措施以防范潜在风险。... 2025-12-1 19:0:27 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com smarttube developer yuliskov library pushed

Microsoft says new Outlook can't open some Excel attachments Microsoft正在解决新Outlook客户端中Excel附件无法打开的问题，该问题由文件名编码错误引发，并已影响Exchange Online客户。修复已部署但尚未完全生效，建议用户使用网页版或下载文件。此为近期多次修复服务中断的一部分。... 2025-12-1 17:45:20 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft client windows crash addressed

Retail giant Coupang suffers data breach impacting 33.7 million people Coupang遭遇数据泄露事件, 3370万用户个人信息外泄, 包括姓名、电话号码等, 但支付信息未受影响。事件于6月24日发生, 11月18日被发现, 公司已向当局报告并通知用户警惕诈骗。据称前员工利用访问令牌窃取数据, 但尚未证实。... 2025-12-1 16:30:28 | 阅读: 7 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com coupang korean korea retail warned

When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats Written by Erin Bortz, Manager of Global Sales and Corporate Recruiting at HuntressIn the... 2025-12-1 15:45:19 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security remote hiring interviews insider

ShadyPanda browser extensions amass 4.3M installs in malicious campaign A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installa... 2025-12-1 15:15:19 | 阅读: 8 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com koi security malicious shadypanda microsoft

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food... 2025-12-1 12:30:21 | 阅读: 4 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com recipe hake answers notebooklm stuffing

Police takes down Cryptomixer cryptocurrency mixing service 瑞士和德国执法机构联合打击加密货币混合服务Cryptomixer，该平台自2016年以来涉嫌协助洗钱超13亿欧元比特币。行动期间查获三台服务器、12TB数据及价值2400万欧元比特币，并指出该平台用于隐藏非法资金来源。... 2025-12-1 09:15:20 | 阅读: 1 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com mixing cryptomixer launder criminal mixers

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison A 44-year-old man was sentenced to seven years and four months in prison for operating an “... 2025-11-28 18:30:20 | 阅读: 3 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com counts airports australian afp cheat

Microsoft: Windows updates make password login option invisible Microsoft warned users that Windows 11 updates released since August may cause the password... 2025-11-28 18:15:20 | 阅读: 3 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com windows microsoft security kb5064081 cheat

Public GitLab repositories exposed more than 17,000 secrets After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer dis... 2025-11-28 17:45:20 | 阅读: 3 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com gitlab marshall security cloud repository

French Football Federation discloses data breach after cyberattack The French Football Federation (FFF) disclosed a data breach on Friday after attackers used... 2025-11-28 16:15:19 | 阅读: 5 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com fff football french security passwords

GreyNoise launches free scanner to check if you're part of a botnet GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if... 2025-11-28 13:30:25 | 阅读: 5 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com malicious network greynoise 2026 leaders

Malicious LLMs empower inexperienced hackers with advanced tools Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their... 2025-11-28 13:30:24 | 阅读: 5 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com wormgpt phishing kawaiigpt llms attackers

OpenAI discloses API customer data breach via Mixpanel vendor hack OpenAI is notifying some ChatGPT API customers that limited identifying information was exp... 2025-11-27 11:30:22 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com openai mixpanel passwords notifying chatgpt

New ShadowV2 botnet malware used AWS outage as a test opportunity A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices f... 2025-11-26 22:30:25 | 阅读: 9 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com shadowv2 security firmware fortiguard mcp

NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025 Want one of the best VPN discounts of 2025? This NordVPN Black Friday deal gives you the faste... 2025-11-26 20:15:21 | 阅读: 5 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com nordvpn friday security nord discount

Popular Forge library gets fix for signature verification bypass flaw A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, cou... 2025-11-26 19:45:19 | 阅读: 8 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com forge library bypass security developers