Aggregator

攻击者通过鱼叉邮件传播VBS脚本，最终投递远控木马AsyncRAT，实现键盘记录、凭证窃取与远程控制。

二者的区别仅在于macOS与Windows系统（PowerShell、命令提示符）下的安装指令，伪造指令会从攻击者控制的服务器端下载恶意程序。

Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 hours of incident response work conducted in 2025. The data shows attackers speeding up their internal hand-offs, shifting away from email phishing, and targeting backup and virtualization infrastructure with greater precision. Initial infection vector 2025 (Source: Mandiant) Voice phishing surges as email phishing continues to decline Voice phishing climbed to … More →

The post Attackers are handing off access in 22 seconds, Mandiant finds appeared first on Help Net Security.

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user

好的，用户让我总结一篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头。首先，我需要通读整篇文章，抓住主要信息。 文章讲的是Citrix发布了安全更新，修复了NetScaler ADC和Gateway中的两个漏洞。一个是CVE-2026-3055，CVSS评分9.3，属于严重漏洞，可能导致内存溢出读取，进而泄露敏感数据。另一个是CVE-2026-4368，评分7.7，涉及竞态条件导致用户会话混乱。 接下来，Rapid7指出CVE-2026-3055可以让未认证的远程攻击者读取内存中的敏感信息。但只有当设备配置为SAML身份提供商时才受影响，默认配置没问题。而CVE-2026-4368则需要设备作为网关或AAA服务器。 漏洞影响了多个版本的NetScaler产品，建议用户尽快更新。虽然目前没有被利用的证据，但过去Citrix设备曾多次被攻击者利用，所以这次也需要重视。 最后，专家警告说这个漏洞类似于之前的Citrix Bleed事件，可能很快被利用，必须立即修补。 总结的时候要简洁明了，涵盖漏洞名称、影响、配置要求和建议措施。控制在100字以内。 Citrix修复了NetScaler ADC和Gateway中的两个安全漏洞：CVE-2026-3055（CVSS 9.3）可能导致内存溢出读取敏感数据；CVE-2026-4368（CVSS 7.7）可能导致用户会话混乱。前者需设备配置为SAML身份提供商，默认配置不受影响；后者需设备作为网关或AAA服务器。建议用户尽快更新以防范潜在攻击。

A vulnerability was found in Google Chrome. It has been classified as problematic. This impacts an unknown function of the component CSS. Performing a manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-4674. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Google Chrome. Impacted is an unknown function of the component WebAudio. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-4673. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome. This vulnerability affects unknown code of the component FedCM. The manipulation leads to use after free. This vulnerability is traded as CVE-2026-4680. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Saleor up to 3.1.1. The impacted element is an unknown function. Executing a manipulation can lead to improper authorization. This vulnerability is handled as CVE-2022-0932. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Apache POI up to 5.2.0. Affected by this issue is some unknown functionality of the component HMEF. Performing a manipulation results in allocation of resources. This vulnerability is reported as CVE-2022-26336. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Oracle JD Edwards EnterpriseOne Tools up to 9.2.7. The impacted element is an unknown function of the component Web Runtime SEC. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2022-26336. The attack can only be executed locally. There is no exploit available.

根据发表在《Nature Microbiology》期刊上的一项研究，研究人员利用 116 个国家的临床数据分析研究发现，干旱条件可能会增加土壤中天然抗生素的浓度，促进耐抗生素微生物生长。土壤是自然抗生素化合物的丰富来源，许多土壤微生物则演化出了应对这些物质的生存机制。目前还不清楚气候变化导致的更频繁持久的干旱，会如何影响产生抗生素和耐抗生素的土壤微生物，也不清楚这对人类健康是否有影响。加州理工的研究人员结合计算分析和实验室实验，研究了干旱如何影响土壤中抗生素的动态变化。他们整合了来自此前研究的 5 组宏基因组数据集，包括来自美国加利福尼亚州的耕地和草地土壤、瑞士瓦莱州森林的土壤以及中国南昌湿地的土壤，并评估了微生物产抗生素和耐抗生素的基因数量，是如何基于土壤的干燥程度变化。他们发现，在所有5个数据集中，干旱条件下，产抗生素基因丰度显著增加，包括β-内酰胺类抗生素(如青霉素)和大环内酯类抗生素。

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要通读整篇文章，抓住主要信息。 文章讲的是伊朗政府支持的网络攻击活动，他们利用Telegram作为命令控制中心来部署恶意软件。目标是伊朗的反对者、记者等。攻击手段包括社会工程学，诱骗受害者下载伪装成合法应用的文件。一旦感染，恶意软件就能远程控制设备，收集数据并通过Telegram传输。 接下来，我需要把这些要点浓缩到100字以内。要确保涵盖攻击者、目标、方法和影响。同时，语言要简洁明了，避免复杂的术语。 最后，检查一下是否符合用户的要求：中文总结，不使用特定开头，控制在100字内。确保没有遗漏关键信息。 伊朗政府支持的网络攻击活动利用Telegram平台部署恶意软件，针对伊朗反对者和记者。攻击者通过伪装可信联系或技术支援诱骗受害者下载伪装成合法应用的文件。一旦感染设备，恶意软件通过Telegram建立持久控制，并收集屏幕、音频等敏感数据。此活动结合社会工程学和精准目标定位，展现了国家支持的网络间谍战术演变。

Владельцы техники даже не подозревали о тайной жизни своих устройств.

A vulnerability was found in DedeCMS up to 5.7.118. It has been declared as critical. The affected element is the function array_filter. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-30694. The attack can be launched remotely. No exploit exists.

A vulnerability described as critical has been identified in OpenEMR up to 8.0.0.2. Affected by this issue is some unknown functionality of the component DICOM Export. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-25928. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in OpenEMR up to 8.0.0.2. This affects an unknown part of the component Backup Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2026-32238. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenEMR up to 8.0.0.2. This issue affects some unknown processing of the component Encounter Vitals API. This manipulation causes authorization bypass. This vulnerability is handled as CVE-2026-25744. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in OpenEMR up to 8.0.0.2 and classified as problematic. The affected element is an unknown function of the file library/js/SearchHighlight.js of the component Custom Report Page. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-32119. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as problematic was found in wolfSSL up to 5.8.x on RISC-V. This vulnerability affects the function __muldi3. The manipulation results in information exposure through discrepancy. This vulnerability is known as CVE-2026-3579. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.