Aggregator

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

A sophisticated macOS infostealer known as MioLab — also tracked as Nova — has emerged as one of the most advanced Malware-as-a-Service (MaaS) platforms targeting Apple users. Advertised on Russian-speaking underground forums, MioLab marks a shift in the threat landscape, proving macOS is no longer a low-risk target. As Apple’s market share grows among software […]

The post MacOS Stealer MioLab Adds ClickFix Delivery, Wallet Theft and Team API Tools appeared first on Cyber Security News.

2025 强网杯和强网拟态部分题解 by ourren

更多最新文章，请访问SecWiki

Alleged Breach of Allopneus Exposes 453K Customers and 739K Records From France's Leading Online Tire Retailer Spanning 2014 to 2026

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.

CECbot是一款此前未被记录的、针对安卓电视盒的DDoS僵尸网络，是同运营者旗下Katana僵尸网络的继任者，二者共享基础设施但无任何代码重叠。 它以原生安卓应用而非传统Mirai类ELF二进制文件构建，采用Signal、WireGuard同款的Curve25519+Ed25519+ChaCha20-Poly1305加密体系保护C2通信，实现了9层持久化机制，内置11种DDoS攻击方式，支持HTTP/2与动态TLS。 这是目前已知首个在野武器化HDMI消费电子控制协议（CEC）的恶意软件，可让攻击者完全控制HDMI总线，包括让连接的电视休眠； 可通过自动化子网扫描与ARP关联映射受害设备所在的内网，将被攻陷的电视盒变为本地网络的侦察平台。 CECbot与Nokia长期跟踪的Katana僵尸网络（Mirai变种，至少3万肉鸡，峰值攻击流量达150Gbps）为同一运营者，核心关联证据包括： 全场景DDoS攻击：内置11种攻击模块，覆盖UDP、TCP、HTTP/HTTPS全场景，核心升级包括完整的HTTP/HTTPS七层攻击，支持HTTP/2、动态加载系统TLS库，可生成8种主流浏览器的真实指纹、内置660+合法Referer地址，同时覆盖游戏流量洪泛、TCP连接攻击、SYN洪泛、多协议攻击等场景。 住宅代理能力：可作为住宅代理节点使用，支持标准SOCKS5代理与NAT环境可用的反向代理，支持按IP地理路由流量，架构与商业住宅代理SDK完全一致。 检测到安卓电视设备后，会执行启动器劫持（替换默认桌面，用户仅能看到黑屏）、SELinux绕过、OTA更新破坏（禁用6家芯片厂商的OTA服务，永久屏蔽固件升级）、安装包验证绕过等操作，实现对设备的完全控制。 CEC是HDMI接口内置的消费电子控制协议，可让连接设备互相发送开关机、切输入、调音量等控制指令，几乎所有近15年生产的电视都支持该协议。CECbot是首个有公开记录的在野利用该协议的恶意软件。 可以同时发送安卓电源键与CEC待机指令，让连接的电视休眠。 扫描HDMI总线上的所有连接设备，确认电视是否在线 可发送原生CEC指令，实现唤醒电视、劫持HDMI输入、在电视屏幕显示文字、模拟遥控器按键、控制音响等所有能力。 获取屏幕DPI、刷新率、HDR能力等信息。 该能力配合启动器劫持，可让用户误以为电视处于关机状态，大幅延迟恶意程序被发现的时间。 该能力可将被攻陷的电视盒变为内网渗透的支点，不仅针对家庭网络，在医院、企业等办公环境中风险极高。 细节: https://github.com/deepfield/public-research/blob/main/cecbot/report.md

High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024

Госдума готовит поправки об отключении международных вызовов для абонентов старше 60 лет.

四川警察学院联合成都欧深特信息科技有限公司在成都校区（成都市双流区黄水镇云岭路36号）举办开源情报分析师实战能力培训班，第2期培训班定于2026年4月26日至5月1日举行。

2026年3月9日锡特拉岛马哈扎地区发生爆炸，造成数十名平民受伤和房屋损毁。根据商业卫星图像，结合网上视频拍摄的导弹飞行轨迹，可找到美国爱国者导弹发射阵地，该阵地距离在里法拍摄导弹飞行视频的地点不到半英里。

A semiconductor testing company warned regulators that its subsidiary in Singapore suffered a ransomware attack earlier this month.

Alleged Breach of Chile's Servicio Civil Platform Exposes 110K Public Servant Records With Full Names and User IDs

OnlyFans 所有者 Leonid Radvinsky 去世，年仅 43 岁。Radvinsky 出生于乌克兰，在芝加哥长大，毕业于西北大学，获得经济学学位，最近主要住在佛罗里达。他于 2018 年从两位英国创始人手中收购了 OnlyFans。新冠疫情期间 OnlyFans 人气飙升，三年后他荣登福布斯年度亿万富翁排行榜。OnlyFans 在一份声明中证实，Radvinsky“在与癌症长期斗争后安详离世”，请求外界尊重其家人的隐私。根据 OnlyFans 最近向英国公司登记局提交的文件，2024 年该公司交易额逾 70 亿英镑，收入 14 亿美元，有逾 3.77 亿订阅用户以及 460 万内容创作者。

New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes.

根据发表在《Environmental Pollution》期刊上的一项研究，巴西巴拉那联邦大学生物学家检测了生活在巴哈马群岛 Eleuthera 岛附近的 85 条鲨鱼的血液样本，发现近三分之一的样本含有与人类活动相关的毒品和药物痕迹。科学家从鲨鱼体内检测出咖啡因、对乙酰氨基酚和双氯芬酸等抗炎药，至少一个样本检测到了可卡因。这一发现进一步证实海洋生态系统正受到人类活动相关污染物的影响。可卡因和双氯芬酸此前从未在巴哈马群岛鲨鱼体内发现。可卡因可能来自毒品走私活动中丢失或丢弃的毒品，药物则可能是通过废水排放进入海洋。

Enterprises are moving toward post-quantum security at uneven speeds, and the gap between organizations that have built crypto-agility into their infrastructure and those that have adopted the label without the underlying capability is widening. Dr. Tan Teik Guan, CEO of Singapore-based cybersecurity company pQCee, draws a sharp line between the two. Crypto-agility, in his view, requires more than support for multiple algorithms or protocol-level negotiation. It demands the ability to respond with appropriate cryptographic defenses … More →

The post Quantum threats are already active and the defense response remains fragmented appeared first on Help Net Security.

A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.

Alleged Breach of Airsoft-Entrepot Exposes 333K Customer Records, Orders, Invoices, and B2B Data From French Retailer Spanning 2013 to 2026