Crimson Collective hackers target AWS cloud instances for data theft The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud env... 2025-10-8 17:45:20 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com collective crimson security rapid7 cloud

Hackers exploit auth bypass in Service Finder WordPress theme Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPre... 2025-10-8 16:0:46 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security wordfence wordpress 5947 attackers

Defend the Target, Not Just the Door: A Modern Plan for Google Workspace 现代工作依赖于多种应用和数据连接器的交互，Salesloft/Drift事件揭示了通过合法OAuth令牌访问敏感数据的风险。攻击者利用第三方集成获取数据，传统安全措施难以防范。解决方案包括加强身份验证、实时检测异常行为以及在内容层面实施多因素认证等多层次防护策略。... 2025-10-8 15:0:36 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security drift cloud attackers salesloft

London police arrests suspects linked to nursery breach, child doxing 伦敦一家连锁幼儿园遭勒索软件攻击，超千名儿童数据被窃并泄露至暗网。黑客试图通过威胁家长进行勒索。英警方逮捕两名17岁嫌疑人，指控其涉嫌敲诈和计算机滥用。... 2025-10-8 15:0:35 | 阅读: 9 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com kido security parents famly london

Salesforce refuses to pay ransom over widespread data theft attacks Salesforce客户遭遇大规模数据盗窃事件，攻击者创建网站试图勒索39家公司并威胁泄露近10亿条数据记录。Salesforce拒绝支付赎金并警告数据可能被公开。此次攻击涉及社会工程学和利用SalesLoft OAuth令牌获取敏感信息。... 2025-10-8 00:30:22 | 阅读: 27 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com salesforce salesloft extort security kering

Docker makes Hardened Images Catalog affordable for small businesses Docker团队宣布开放强化镜像目录无限制访问，提供安全且价格实惠的软件包给初创和SMB企业。用户可通过订阅或30天免费试用获取。... 2025-10-7 22:15:20 | 阅读: 9 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com hardened catalog security unlimited bas

Google won’t fix new ASCII smuggling attack in Gemini Google的Gemini AI被发现存在一种新的ASCII走私攻击漏洞，该攻击利用特殊字符在用户不可见的情况下注入恶意指令，可能导致AI提供虚假信息、改变行为或污染数据。研究人员测试显示Gemini、DeepSeek和Grok易受攻击，而Claude、ChatGPT和微软CoPilot较安全。Google未修复此问题，称其非安全漏洞。... 2025-10-7 21:0:24 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com gemini security firetail llms markopoulos

Google won’t fix ASCII smuggling attacks in Gemini Google的Gemini AI存在ASCII走私攻击漏洞，允许攻击者注入隐藏指令以操控AI行为或污染数据。尽管其他公司如亚马逊已采取措施应对类似问题，但Google拒绝修复此漏洞，认为其不属于安全漏洞范畴。... 2025-10-7 20:45:19 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com gemini security llms firetail markopoulos

DraftKings warns of account breaches in credential stuffing attacks 体育博彩公司DraftKings近期遭受凭据填充攻击，部分客户账户被黑。攻击者获取了有限数据，包括姓名、地址、出生日期等信息。公司要求受影响用户重置密码并启用多重身份验证，并建议用户检查银行账户和信用报告以防万一。此前类似事件曾导致30万美元损失。... 2025-10-7 19:15:18 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com draftkings stuffing security sports attackers

Clop exploited Oracle zero-day for data theft since early August Clop 勒索团伙利用 Oracle EBS 的零日漏洞 CVE-2025-61882 进行数据窃取攻击，该漏洞允许未经身份验证的攻击者远程执行代码。CrowdStrike 报告称自 8 月初起 Clop 利用此漏洞窃取敏感文件，并指出其他威胁集团可能也参与其中。Oracle 已发布补丁修复该漏洞。... 2025-10-7 17:30:21 | 阅读: 25 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com clop security 61882 ebs crowdstrike

North Korean hackers stole over $2 billion in crypto this year 朝鲜黑客于2025年窃取价值约20亿美元的加密资产，创历史新高。这些资金被用于核武器开发。最大案件为Bybit交易所损失14.6亿美元。黑客转向针对个人和员工的社交工程攻击，并采用复杂洗钱策略。... 2025-10-7 17:15:19 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com elliptic north korean blockchain laundering

Electronics giant Avnet confirms breach, says stolen data unreadable Avnet遭遇数据泄露事件，未经授权的人员入侵其EMEA地区使用的内部销售工具相关云存储，窃取了约1.3TB压缩数据（7-12TB原始数据），包含公司运营细节等信息。尽管Avnet称大部分数据无法在没有其专有工具的情况下读取，但黑客展示了部分明文样本。事件未影响全球业务。... 2025-10-7 16:30:21 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com avnet emea security summit simulation

Microsoft kills more Microsoft Account bypasses in Windows 11 Microsoft正在移除允许用户在安装Windows 11时创建本地账户并绕过微软账户要求的方法。此更改旨在确保设备完全配置，并可能在未来正式版本中实施。此前微软已移除BypassNRO脚本，目前仍可通过Registry值绕过网络设置，但未来可能被移除以增强安全。... 2025-10-7 15:45:19 | 阅读: 9 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft windows security bypassnro oobe

Redefining Security Validation with AI-Powered Breach and Attack Simulation 安全团队面临海量威胁情报难以应对的问题。传统BAS方案虽能模拟攻击验证防御，但依赖人工创建新场景耗时费力。AI驱动的BAS可快速将情报转化为模拟攻击，在几分钟内提供防御有效性证据，帮助团队及时应对威胁并优化资源分配。... 2025-10-7 14:45:28 | 阅读: 9 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com bas security simulation picus cisos

Google's new AI bug bounty program pays up to $30,000 for flaws Google推出AI漏洞奖励计划，鼓励研究人员发现并报告其AI系统中的安全漏洞，涵盖Google Search、Gemini Apps等产品，最高奖励3万美元。... 2025-10-7 13:30:25 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com security reward vrp bounties simulation

Red Hat data breach escalates as ShinyHunters joins extortion 红帽公司遭遇黑客攻击，ShinyHunters团伙利用被盗数据进行勒索，并泄露客户报告样本。Crimson Collective团伙声称窃取了大量内部数据及800份客户报告。红帽确认其GitLab实例遭入侵，并未回应赎金要求。ShinyHunters与Crimson Collective合作，在其网站上发布威胁，计划于10月10日公开数据。... 2025-10-6 21:15:26 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com extortion crimson claimed collective

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks Storm-1175犯罪集团利用GoAnywhere MFT的高危漏洞CVE-2025-10035进行Medusa勒索攻击。该漏洞由反序列化未信任数据引发，支持远程低复杂度利用。微软确认攻击活动，并建议升级软件版本以防御。... 2025-10-6 18:15:19 | 阅读: 21 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ransomware microsoft security medusa goanywhere

Microsoft: Running multiple Office apps causes Copilot issues 微软正在调查一个导致Copilot在多个Office应用同时运行时出现问题的bug。该问题由WebView2实例冲突引发，关闭第一个应用可解决。此问题影响Share和Room Finder等功能。微软正努力修复并提供更多细节。... 2025-10-6 17:30:23 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com microsoft copilot security pane

Zeroday Cloud hacking contest offers $4.5 million in bounties read file error: read notes: is a directory... 2025-10-6 17:15:20 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com cloud 40k security wiz zeroday

ChatGPT Pulse is coming to the web, but no word on free or Plus roll out OpenAI的ChatGPT Pulse即将登陆网页版，需订阅$200 Pro服务。该工具基于用户聊天记录和应用数据提供个性化更新，并通过视觉卡片展示提醒功能。... 2025-10-6 17:0:22 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com chatgpt pulse security openai summit