相關新聞 | HKCERT

Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026

Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams. According to a new administrative update, the company will switch several protective settings to “On” by default starting January 12, 2026, affecting tenants who rely...

Cyber Security News 2025年12月24日 397 觀看次數

Poisoned WhatsApp API package steals messages and accounts

And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.…

The Register 2025年12月23日 422 觀看次數

100+ Cisco Secure Email Devices Exposed to Zero‑Day Exploited in the Wild

Security researchers have identified at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that attackers are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-20393, currently has no...

Cyber Security News 2025年12月21日 353 觀看次數

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM)....

Bleepingcomputer 2025年12月18日 506 觀看次數

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges....

Bleepingcomputer 2025年12月18日 502 觀看次數

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices

Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation...

Cyber Security News 2025年12月16日 492 觀看次數

New DroidLock malware locks Android devices and demands a ransom

A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. [...]

Bleepingcomputer 2025年12月11日 836 觀看次數

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild...

The Hacker News 2025年12月09日 707 觀看次數

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems...

Bleepingcomputer 2025年12月09日 854 觀看次數

Scammers are poisoning AI search results to steer you straight into their traps - here's how

AI tools like Google AI Overview and Perplexity Comet are being tricked into suggesting scam support numbers.

ZDnet 2025年12月09日 662 觀看次數