unSafe.sh - Unsafe
Ivanti warns of critical Neurons for ITSM auth bypass flaw
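Ivanti has released security updates to fix a critical authentication bypass vulnerability (CVE-2025-22462) in Neurons for ITSM, affecting specific versions of on-premises systems. It recommends restricting access by IP address and domain name or configuring a DMZ to reduce risk. It also fixed a default credentials vulnerability (CVE-2025-22460) in Cloud Services Appliance, which requires reinstallation or mitigation measures. Other security issues were also patched recently....
2025-5-13 16:0:20 | Views: 14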
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
ivanti
exploited
cloud
neurons
New Intel CPU flaws leak sensitive data from privileged memory
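Modern Intel CPUs have a new vulnerability (CVE-2024-45332) that lets attackers leak sensitive data such as passwords and keys from privileged memory regions. The flaw exploits a branch predictor race condition to bypass Spectre v2 mitigations, and was used to successfully read system files on Ubuntu. It affects Intel processors from the 9th generation onward. Intel has released microcode updates to mitigate the issue....
2025-5-13 15:30:27 | Views: 13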
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
lake
zurich
45332
predictor
hardware
M&S says customer data stolen in cyberattack, forces password resets
Marks and Spencer (M&S) suffered a cyberattack on April 22, 2025, involving DragonForce ransomware and Scattered Spider tactics, encrypting VMware servers and stealing customer data including names, addresses, phone numbers, birthdates, order history, and masked payment details. The attack disrupted operations in 1,400 stores and halted online orders. M&S CEO Stuart Machin confirmed the breach, reassuring customers that no usable payment details were stolen but urging password resets for account holders. Sparks offers are paused, and updates will follow....
2025-5-13 13:45:17 | Views: 10
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
ransomware
retailer
spencer
machin
marks
ASUS DriverHub flaw let malicious sites run commands with admin rights
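ASUS DriverHub has a critical vulnerability that allows malicious websites to execute code remotely by spoofing the origin header. The software did not strictly validate the origin of requests and allowed .exe files to be downloaded and run. Attackers can trigger the flaw by luring users to a malicious website. ASUS has fixed the issue and advises users to update the software to guard against the risk....
2025-5-12 21:30:19 | Views: 9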
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
asus
driverhub
software
mrbruh
malicious
Windows 11 upgrade block lifted after Safe Exam Browser fix
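Microsoft has removed the compatibility hold that blocked some Safe Exam Browser users from installing the Windows 11 2024 Update, and advises users to upgrade to the latest version to resolve potential issues. Windows 11 24H2 has begun rolling out to all compatible devices, but some PCs are still blocked from upgrading because of hardware or software incompatibilities....
2025-5-12 20:45:20 | Views: 10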
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
24h2
microsoft
pcs
software
Hackers now testing ClickFix attacks against Linux targets
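This article covers a recent cybersecurity threat: ClickFix attacks are now targeting both Windows and Linux systems. The technique uses fake verification systems or application errors to trick visitors into running console commands that install malware. Recent campaigns show that this social engineering tactic has expanded to Linux users, and there are signs that the APT36 threat group is testing its effectiveness in order to widen its reach....
2025-5-12 18:15:18 | Views: 12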
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
clickfix
hunt
malicious
redirected
Output Messenger flaw exploited as zero-day in espionage attacks
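Marbled Dust, a Turkey-backed cyber-espionage group, exploited the zero-day vulnerability CVE-2025-27920 to attack Output Messenger users, targeting individuals associated with the Kurdish military in Iraq. The flaw lets attackers access sensitive files or deploy malware. Microsoft's analysis shows that the hackers compromised servers to steal data, take control of internal systems and disrupt operations. The attack indicates that Marbled Dust's technical capabilities have grown and that it may broaden its targeting....
2025-5-12 17:45:18 | Views: 8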
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
marbled
dust
microsoft
messenger
attackers
Moldova arrests suspect linked to DoppelPaymer ransomware attacks
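Moldovan authorities have arrested a man suspected of involvement in DoppelPaymer ransomware attacks; the attack caused a Dutch organization losses of about 4.5 million euros. Police seized a large quantity of electronic devices and funds, and have applied to extradite him to the Netherlands....
2025-5-12 15:30:22 | Views: 9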
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
ransomware
suspect
nwo
moldovan
Google to pay $1.375 billion to settle Texas data privacy violations
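Google has reached a $1.375 billion settlement with Texas over allegations that it collected the biometric data of millions of Texas residents without consent for ad tracking. It is the largest data privacy violation settlement against Google nationwide....
2025-5-12 15:15:51 | Views: 23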
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
settlement
paxton
texas
collecting
biometric
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
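Browser extensions are widely used in enterprises but pose serious security risks. 53% of extensions have high-privilege access to sensitive data; 54% come from anonymous publishers; 51% have not been updated in over a year. LayerX recommends auditing and categorizing extensions to reduce risk....
2025-5-12 14:45:17 | Views: 8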
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
analysis
genai
outdated
layerx
Bluetooth 6.1 enhances privacy with randomized RPA timing
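Bluetooth 6.1 has been released, improving device privacy and power efficiency. Randomized updates of the Resolvable Private Address (RPA) prevent third-party tracking, and the chip handles RPA updates autonomously to save power. The new features are expected to reach hardware and firmware gradually around 2026....
2025-5-11 16:0:21 | Views: 8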
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
rpa
randomized
randomizing
chip
iClicker hack targeted students with malware via fake CAPTCHA
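The iClicker website was hit by a ClickFix attack in which hackers used a fake CAPTCHA to trick users into installing malware. The platform is widely used for teaching management in higher education. The attack left some users' devices infected with malware that may steal sensitive information and credentials. Affected users are advised to change their passwords and use a password manager to strengthen protection....
2025-5-11 15:30:20 | Views: 7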
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
iclicker
captcha
powershell
clickfix
security
ChatGPT is finally adding Download as PDF for Deep Research
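ChatGPT's Deep Research feature supports multi-step research on complex tasks and generates comprehensive reports. With the newly launched "Download as PDF" option, users can preserve formatting and avoid layout problems when copying. OpenAI has also launched a GitHub connector to enhance research capabilities....
2025-5-11 15:30:19 | Views: 6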
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
chatgpt
formatting
rolling
download
openai
Fake AI video generators drop new Noodlophile infostealer malware
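Cybercriminals are using AI video generation tools to spread the Noodlophile malware, posing as legitimate tools to lure users into uploading files and then stealing browser data and cryptocurrency wallet information. The malware transmits data via Telegram and in some cases is bundled with a remote access trojan to increase its capabilities....
2025-5-10 15:45:18 | Views: 7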
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
morphisec
noodlophile
stealer
mp4
remote
Microsoft Teams will soon block screen capture during meetings
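Microsoft is developing a new Teams feature to prevent screen capture of sensitive information and plans to roll it out worldwide in July 2025. The company also announced other updates, including screen permission management, interactive BizChat/Copilot Studio agents and audio overview generation, and noted that Teams has more than 320 million monthly active users....
2025-5-10 15:45:17 | Views: 8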
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
meetings
microsoft
copilot
transcribed
overviews
Ascension says recent data breach affects over 430,000 patients
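Ascension, a major US healthcare system, suffered a data breach in which the personal information and medical records of more than 430,000 patients were stolen. The exposed information includes names, addresses, Social Security numbers and other sensitive data. The incident stemmed from the exploitation of a vulnerability in third-party software used by a former business partner. Ascension is offering two years of free identity monitoring and confirmed that the incident may be related to Clop ransomware attacks....
2025-5-9 19:0:35 | Views: 7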
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
ascension
healthcare
security
ransomware
patients
Police dismantles botnet selling hacked routers as residential proxies
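Law enforcement agencies dismantled a botnet that had run for 20 years and built two illegal proxy services, Anyproxy and 5socks, by infecting thousands of old wireless routers worldwide. Four suspects were indicted in connection with operating and profiting from it. The network used malware to control devices and sold them as proxy servers, which were used for ad fraud, DDoS attacks and other illegal activity....
2025-5-9 18:0:32 | Views: 7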
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
routers
proxies
anyproxy
residential
5socks
Google Chrome to use on-device AI to detect tech support scams
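Google has added a security feature to the Chrome browser that uses the built-in Gemini Nano large language model to detect tech support scams in real time. The feature analyzes web pages for signals such as fake warnings or full-screen lock and warns the user when a threat is detected. The system runs locally on the device to protect privacy, and is planned to expand to more scam types and to mobile....
2025-5-9 18:0:31 | Views: 7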
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
chrome
llm
security
enhanced
gemini
Chinese hackers behind attacks targeting SAP NetWeaver servers
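SAP NetWeaver has a high-risk vulnerability, CVE-2025-31324, that lets unauthenticated attackers upload malicious files and remotely control servers. The flaw has been exploited in zero-day attacks by Chinese hacking groups, involving IP addresses at multiple cloud service providers and Chinese-language tools. Although SAP has released an emergency patch, a large number of servers remain exposed online and compromised. CISA has added the vulnerability to its known exploited list and required federal agencies to remediate it by a deadline....
2025-5-9 16:30:34 | Views: 16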
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
netweaver
31324
cloud
security
forescout
Germany takes down eXch cryptocurrency exchange, seizes servers
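German federal police shut down eXch, a cryptocurrency exchange suspected of money laundering, seizing digital assets worth $38 million and 8TB of data. The platform did not comply with anti-money-laundering rules, is suspected of handling more than $1.9 billion in illicit funds, and is linked to funds stolen by hackers from the Bybit exchange....
2025-5-9 15:15:26 | Views: 6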
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
bka
exch
laundering
seized
shut