Aggregator

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]

These are the top threats you should know about this week.

This article was created in collaboration with Wondershare.

Мы десятилетиями считали колебания атомов помехой для квантовых технологий — оказалось, это был ресурс.

Apache Camel JMS 反序列化(CVE-2026-40860)漏洞分析漏洞概述Apache Camel 的核心目标是把各种不同的系统、协议和数据格式“粘合”在一起。它实现了著名的企业集成模式（Enterprise Integration Patterns, EIP），比如拆分消息、聚合消息、动态路由等。受影响版本中，JmsBinding.extractBodyFromJms() 方法在

A threat actor using the alias ChimeraZ claims to be leaking a partial database of Capifrance (capifrance.fr), a French network of independent real-estate agents.

ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.

从initramfs到系统恢复

THM-RazorBlack-writeup

在某次攻防下遇到的edr环境,对其进行挖掘,发现可以滥用的程序

AI For Security：AI在云产品安全建设中能做什么？

Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers have built a network of more than 150 fake download sites that closely mimic trusted […]

The post Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency appeared first on Cyber Security News.

在内网攻防对抗中，攻击者常利用 SMB、WinRM 等合法管理协议进行横向移动，并通过 SMB3 和 RDP 等协议的加密特性隐藏恶意行为，给应急响应与威胁溯源带来了巨大挑战。本文以2026软件系统安全赛中的典型内网横向移动流量分析赛题为分析对象，详细梳理了攻击链的完整还原过程。首先，从网络流量中提取 NetNTLMv2 响应并离线破解以获取明文凭据；随后，利用该凭据解密 WinRM 会话，识别并