unSafe.sh - Unsafe
U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
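The U.S. cybersecurity agency CISA has added CVE-2025-3248, a high-severity code injection vulnerability in the Langflow tool, to its Known Exploited Vulnerabilities catalog. The flaw allows remote attackers to execute arbitrary code via HTTP requests and affects older versions; users should upgrade to 1.3.0 or restrict access. CISA requires federal agencies to fix the vulnerability by May 26, 2025, to prevent cyberattacks....
2025-5-6 13:0:36 | Views: 15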
Security Affairs - securityaffairs.com
langflow
catalog
exploited
python
Google fixed actively exploited Android flaw CVE-2025-27363
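Google fixed 46 Android security vulnerabilities, including CVE-2025-27363 (CVSS score 8.1), a high-severity flaw that has been exploited in the wild and can lead to local code execution with no additional privileges or user interaction required....
2025-5-6 10:23:57 | Views: 19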
Security Affairs - securityaffairs.com
exploited
27363
security
freetype
bulletin
New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR
Researchers discovered a new method that exploits a SentinelOne upgrade flaw to bypass its EDR protection and deploy ransomware....
2025-5-6 08:57:20 | Views: 18
Security Affairs - securityaffairs.com
stroz
friedberg
bypass
byoi
attackers
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
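Resecurity discovered a new phishing kit called "Panda Shop" that imitates the tactics of the earlier "Smishing Triad" and improves on its features. The kit is used to defraud Google Wallet and Apple Pay users, collecting credit card information and personally identifiable data and intercepting transactions. The criminals use multiple distribution methods to send large volumes of phishing messages every day, with wide reach and serious financial losses....
2025-5-6 06:30:10 | Views: 19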
Security Affairs - securityaffairs.com
smishing
resecurity
panda
shop
triad
Kelly Benefits December data breach impacted over 400,000 individuals
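The number of people affected by the Kelly Benefits data breach last December has risen from 264,000 to 413,000. The exposed information includes names, Social Security numbers, and medical and financial data; the company is notifying those affected and continuing its investigation....
2025-5-5 17:22:11 | Views: 15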
Security Affairs - securityaffairs.com
kelly
maine
behalf
believed
A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
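A hacker breached the Israeli company TeleMessage and stole customer data from the Signal, WhatsApp and other apps it sells to the U.S. government, including direct messages, group chat contents, and information on government officials and organizations such as Coinbase. The incident has raised concerns about the security of using modified versions of apps....
2025-5-5 12:6:21 | Views: 16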
Security Affairs - securityaffairs.com
telemessage
officials
cbp
security
stole
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
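MintsLoader is a malware loader spread through phishing emails, fake browser updates and invoice files, mainly targeting sectors such as energy and legal. It uses obfuscated JavaScript and PowerShell scripts to download malware such as GhostWeaver RAT in stages, and is controlled through DGA-generated domains and HTTP C2 communication....
2025-5-5 11:24:21 | Views: 12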
Security Affairs - securityaffairs.com
mintsloader
c2
powershell
stage
loader
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
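Sansec discovered a supply chain attack involving 21 Magento extensions that affects 500 to 1,000 e-commerce sites, including a $40 billion multinational. The attackers compromised the servers of Tigren, Magesolution and Meetanshi and planted backdoors in their software to control customer sites. The malicious code was injected as long as 6 years ago and was only discovered recently. The backdoor achieves remote control through a fake license check. Some vendors denied being hacked or took no action in response....
2025-5-5 07:34:37 | Views: 42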
Security Affairs - securityaffairs.com
sansec
backdoored
php
magento
licensefile
US authorities have indicted Black Kingdom ransomware admin
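The U.S. has charged a 36-year-old Yemeni man with allegedly leading Black Kingdom ransomware attacks on 1,500 Microsoft Exchange servers worldwide and demanding $10,000 in Bitcoin ransom from victims including businesses, schools and hospitals. The FBI worked with the New Zealand Police on the investigation....
2025-5-5 00:15:28 | Views: 16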
Security Affairs - securityaffairs.com
ransomware
kingdom
exchange
ahmed
authorities
Malicious Go Modules designed to wipe Linux systems
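Researchers discovered three malicious Go modules whose hidden code can download a payload that wipes a Linux system's primary disk, leaving it unbootable. The modules rely on code obfuscation and the decentralized nature of the Go ecosystem to make them hard for developers to identify, and on execution they download a destructive script that overwrites the primary disk with zeros, causing permanent data loss....
2025-5-4 15:9:5 | Views: 6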
Security Affairs - securityaffairs.com
malicious
github
destructive
developers
unbootable
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44
The newsletter highlights various cyber threats and incidents. Notable points include malicious Go modules targeting Linux systems for destruction. Ransomware groups like LockBit and Black Basta continue their attacks on critical infrastructure. Nation-state actors such as Lazarus APT exploit zero-days in Microsoft Exchange for espionage. Supply chain attacks on software vendors like Ivanti and JetBrains TeamCity are prevalent. Additionally, data breaches at major companies like Ticketmaster expose millions of users' data. The shutdown of BreachForums disrupts ransomware operations but underscores ongoing threats. Cybersecurity experts emphasize the need for proactive measures against evolving AI-driven attacks....
2025-5-4 14:18:11 | Views: 12
Security Affairs - securityaffairs.com
exploited
ransomware
security
affairs
Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION
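The article summarizes multiple cybersecurity incidents and threat activity: ransomware attacks (such as Rhysida and LockBit) affecting governments, businesses and healthcare organizations; vulnerabilities (such as CISA known vulnerabilities) being widely exploited; state-sponsored cyber-espionage (such as Russia's APT28 and China's UNC3886) targeting critical sectors; malware (such as Hive0117) and techniques (such as zero-day vulnerabilities) being abused; frequent data breaches (such as TikTok's €530 million fine); and critical infrastructure facing more threats....
2025-5-4 10:5:53 | Views: 25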
Security Affairs - securityaffairs.com
exploited
ransomware
security
affairs
Rhysida Ransomware gang claims the hack of the Government of Peru
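The Rhysida ransomware gang claims to have breached Gob.pe, the Government of Peru's single digital platform, and leaked multiple documents. The gang has attacked 182 companies since May 2023 across sectors including education and healthcare. The FBI and CISA issued a joint warning in December urging vigilance against its attacks....
2025-5-3 17:12:14 | Views: 9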
Security Affairs - securityaffairs.com
ransomware
rhysida
peru
claims
ttps
DragonForce group claims the theft of data after Co-op cyberattack
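The DragonForce hacking group claimed responsibility for the Co-op cyberattack, saying it stole data on 20 million members and providing evidence. Co-op initially denied a data breach, then admitted that employee and customer information had been accessed. The hackers also claimed to have attacked M&S and attempted to breach Harrods....
2025-5-3 15:38:53 | Views: 12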
Security Affairs - securityaffairs.com
bbc
dragonforce
cyberattack
membership
U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog
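The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added high-severity vulnerabilities in the Yii framework and Commvault Command Center to its Known Exploited Vulnerabilities catalog. The vulnerabilities can lead to path traversal and remote code execution. Attackers have exploited them in chained attacks to compromise servers and upload malicious files. CISA requires federal agencies to fix them by May 23, 2025, to guard against the risk....
2025-5-3 10:11:31 | Views: 18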
Security Affairs - securityaffairs.com
yii
exploited
craft
commvault
Ireland’s DPC fined TikTok €530M for sending EU user data to China
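Ireland's Data Protection Commission fined TikTok €530 million for violating GDPR by transferring EU user data to China with insufficient transparency, and ordered it to come into compliance within 6 months or suspend data transfers to China....
2025-5-2 20:14:27 | Views: 9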
Security Affairs - securityaffairs.com
dpc
transfers
eea
ireland
fined
Microsoft sets all new accounts passwordless by default
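Microsoft announced that new accounts will be passwordless by default, improving security and user experience, and that it is gradually phasing out reliance on traditional passwords....
2025-5-2 11:52:5 | Views: 25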
Security Affairs - securityaffairs.com
microsoft
passkey
passkeys
enroll
Luxury department store Harrods suffered a cyberattack
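Harrods suffered a cyberattack, becoming the third major UK retailer hit within a week. Its IT team took measures to restrict internet access to keep systems secure, while stores and the online platform continue to operate normally. No specific technical details or information about a data breach have been disclosed so far....
2025-5-2 09:26:7 | Views: 9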
Security Affairs - securityaffairs.com
harrods
cyberattack
suffered
luxury
U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
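The U.S. cybersecurity agency CISA has added an OS command injection vulnerability in SonicWall SMA100 appliances (CVE-2023-44221) and an improper escaping of output vulnerability in Apache HTTP Server (CVE-2024-38475) to its Known Exploited Vulnerabilities catalog, and requires federal agencies to fix them by May 22, 2025....
2025-5-2 07:49:40 | Views: 4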
Security Affairs - securityaffairs.com
38475
sma100
exploited
security
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
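The pro-Russia hacker group NoName057(16) launched large-scale DDoS attacks against organizations in the Netherlands and several other European countries, targeting both the public and private sectors. The group says the attacks are retaliation for the Netherlands providing military aid to Ukraine....
2025-5-1 23:8:33 | Views: 27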
Security Affairs - securityaffairs.com
noname057
dutch
russia
hacktivist
italian