Hacker arrested for breaching 5,000 hosting accounts to mine crypto 乌克兰警方逮捕一名35岁黑客，其入侵国际托管公司5,000个账户并利用服务器资源挖矿，造成450万美元损失。该 hacker 自2018年起活跃，通过开源情报寻找漏洞，并频繁更换居住地以规避追踪。警方在其住所查获计算机设备、手机及银行卡等证据，并对其提起诉讼，面临最高15年监禁。... 2025-6-4 19:45:19 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com police seized charges mine software

Cisco warns of ISE and CCP flaws with public exploit code Cisco发布补丁修复其身份服务引擎（ISE）和客户协作平台（CCP）中的三个漏洞。其中最严重的是 CVE-2025-20286 静态凭证漏洞，在云部署中可能导致凭证共享和未授权访问。其他两个漏洞分别为任意文件上传（CVE-2025-20130）和信息泄露（CVE-2025-20129）。... 2025-6-4 19:30:23 | 阅读: 22 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com ise cloud deployments software

Ukraine claims it hacked Tupolev, Russia’s strategic warplane maker 乌克兰国防部情报总局声称成功入侵俄罗斯图波列夫公司系统，窃取4.4GB机密数据，并破坏其官网。此次行动显示乌克兰持续对俄关键军事机构展开网络攻击。... 2025-6-4 18:15:17 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com tupolev russia gur ministry ukrainian

BidenCash carding market domains seized in international operation 美国执法部门查封了暗网市场BidenCash的多个域名，并将其重定向至特勤局网站。此次行动由美国特勤局和FBI领导，荷兰警方等机构参与，查封了约145个域名及加密货币，涉及金额超1700万美元。该市场自2022年成立以来多次泄露大量信用卡信息，对非法活动造成重大打击。... 2025-6-4 17:15:18 | 阅读: 17 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com bidencash seized shops marketplace usss

FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets FBI警告称，网络犯罪分子利用Hedera Hashgraph网络上的NFT空投进行诈骗。他们通过发送未经请求的NFT并附带链接至钓鱼网站，窃取用户的敏感信息如密码和恢复短语，导致用户加密货币被盗。... 2025-6-4 16:45:18 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com hashgraph hedera wallets network ledger

Media giant Lee Enterprises says data breach affects 39,000 people 美国报业巨头Lee Enterprises在2025年2月遭遇勒索软件攻击，导致39,779人的个人信息被盗。攻击影响了其系统运行和报纸发行。Qilin勒索团伙声称窃取了大量文件并威胁泄露。... 2025-6-4 14:30:23 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com lee ransomware qilin newspapers claimed

Hacker targets other hackers and gamers with backdoored GitHub code A hacker distributes malicious code on GitHub, including fake game cheats and exploit tools, which contain hidden backdoors. These backdoors allow remote access to infected devices when users compile or run the code. The campaign, discovered by Sophos, involves over 140 repositories and uses automated commits to appear legitimate. The malware includes info stealers and remote access trojans targeting hackers, gamers, and researchers.... 2025-6-4 14:15:22 | 阅读: 18 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com sophos github remote backdoors sakura

Kerberos AS-REP roasting attacks: What you need to know AS-REP烤架攻击利用Active Directory中未启用Kerberos预身份验证的漏洞，通过获取Ticket Granting Ticket（TGT）来破解用户密码。防御措施包括启用预身份验证、监控特定事件日志、实施强密码策略，并使用工具如Specops Password Policy来增强安全性。... 2025-6-4 14:15:21 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com roasting passwords security malicious

Google: Hackers target Salesforce accounts in data extortion attacks Google发现黑客伪装成ShinyHunters团伙，通过钓鱼攻击针对跨国公司员工，利用Salesforce平台漏洞窃取数据，并横向移动至Okta、微软365等云平台。攻击者最终可能以数据泄露为威胁进行勒索。... 2025-6-4 14:15:20 | 阅读: 24 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com salesforce unc6040 victim loader

OpenAI is hopeful GPT-5 will compete a little more OpenAI宣布其下一代基础模型GPT-5即将推出，并希望其在性能上超越现有模型及竞争对手如Gemini 2.5 Pro和Claude 4。尽管仍在开发中且成本尚未确定，但预计将于夏季发布。此外，OpenAI还计划升级现有模型并改进其AI代理功能。... 2025-6-3 21:45:16 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com openai gpt gpts compete referring

Hewlett Packard Enterprise warns of critical StoreOnce auth bypass HPE StoreOnce备份解决方案发现八个安全漏洞，包括一个CVSS评分9.8的认证绕过漏洞和多个远程代码执行问题。所有旧版本受影响，建议升级至4.3.11修复。... 2025-6-3 21:0:22 | 阅读: 21 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com hpe remote storeonce backup

ChatGPT rolls out Memory upgrade for free users ChatGPT的免费账户现支持改进后的记忆功能，可参考过去对话内容。此前该功能仅限付费用户使用。免费版提供短期对话连续性，而付费版可访问更久信息。用户可通过设置关闭记忆或管理存储内容。... 2025-6-3 21:0:21 | 阅读: 6 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com chatgpt memory referencing memories

Coinbase breach tied to bribed TaskUs support agents in India Coinbase数据泄露事件源于外包公司TaskUs的印度客服代表被威胁者贿赂，导致7万名用户敏感信息被盗。事件于2025年1月被发现后，TaskUs立即通知Coinbase并终止涉事员工。Coinbase估计损失达4亿美元，并拒绝支付赎金。... 2025-6-3 17:30:20 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com coinbase taskus client recruited exchange

Malicious RubyGems pose as Fastlane to steal Telegram API data Two malicious RubyGems packages mimicking Fastlane plugins redirect Telegram API requests to attacker-controlled servers, stealing sensitive data like bot tokens and messages. These packages remain active on RubyGems, posing risks to developers using Fastlane for CI/CD automation.... 2025-6-3 16:0:23 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com fastlane proxy gems malicious developers

Microsoft adds quick machine recovery to Windows 11 settings 微软正在测试Windows设置中的快速机器恢复专用页面，提供额外配置选项。该页面位于系统>恢复下，允许用户启用功能、设置检查解决方案频率及重启时间。此更新简化了访问重要功能的过程，帮助设备顺畅运行。目前该功能已向Windows 11 Beta频道 Insider用户推出，并计划扩展至Dev频道。... 2025-6-3 16:0:22 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com windows microsoft machine qmr insiders

Mozilla launches new system to detect Firefox crypto drainer add-ons Mozilla推出新安全功能，检测并阻止恶意Firefox扩展程序，防止其窃取用户加密货币钱包中的资金。... 2025-6-3 14:30:21 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com wallets malicious mozilla security ons

Scattered Spider: Three things the news doesn’t tell you 文章讨论了网络犯罪组织Scattered Spider的攻击手法及其对企业的威胁。该组织主要通过身份盗窃、钓鱼攻击、帮助台诈骗等手段入侵企业系统，尤其针对云服务和多因素认证（MFA）进行绕过。近期对英国零售商Marks & Spencer和Co-op的攻击引发了广泛关注，并揭示了该组织自2022年以来持续使用这些技术进行数据窃取和勒索活动。文章强调了企业需加强身份验证安全措施以应对此类威胁。... 2025-6-3 14:15:19 | 阅读: 23 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com scattered spider desk attacker security

Victoria’s Secret delays earnings release after security incident Victoria's Secret推迟了2025年第一季度财报发布，因5月24日的安全事件导致系统恢复延迟。此次事件影响了公司部分内部系统和门店服务，尽管网站已恢复，但财务数据处理受阻。该事件可能涉及勒索软件攻击。... 2025-6-3 13:30:20 | 阅读: 11 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com victoria fashion restoration earnings quarter

Android malware Crocodilus adds fake contacts to spoof trusted callers 安卓恶意软件Crocodilus最新版本通过添加假联系人欺骗用户，并扩大全球攻击范围。其新增代码打包、XOR加密等技术提升规避能力，并建议用户谨慎下载应用以防范威胁。... 2025-6-3 10:30:20 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com crocodilus fabric victim expanded contacts

Google patches new Chrome zero-day bug exploited in attacks Google修复了Chrome浏览器的零日漏洞CVE-2025-5419，该漏洞由V8引擎中的越界读写问题引起。已发布补丁版本137.0.7151.68/.69（Windows/Mac）和137.0.7151.68（Linux），用户可通过自动更新或手动检查安装。这是今年第三个被利用的Chrome零日漏洞。... 2025-6-3 10:30:19 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com chrome security exploited monday emergency