相關新聞 | HKCERT

Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user.

TechCrunch 2025年09月26日 262 觀看次數

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package Index (PyPI) website and asking victims to verify...

The Register 2025年09月25日 530 觀看次數

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]

Bleepingcomputer 2025年09月22日 589 觀看次數

224 Malicious Android Apps on Google Play With 38 Million Downloads Delivering Malicious Payloads

A sophisticated mobile ad fraud operation dubbed “SlopAds” has infiltrated Google Play Store with 224 malicious applications that collectively amassed over 38 million downloads across 228 countries and territories. The campaign represents one of the most extensive mobile fraud schemes discovered to date, utilizing advanced steganography...

Cyber Security News 2025年09月18日 566 觀看次數

FileFix attacks use fake Facebook security alerts to trick victims into running infostealers

Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader on Windows machines.…

The Register 2025年09月17日 706 觀看次數

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…

The Register 2025年09月17日 568 觀看次數

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and...

The Register 2025年09月12日 498 觀看次數

Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks

Patch, turn on MFA, and restrict access to trusted networks…or else Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-...

The Register 2025年09月11日 835 觀看次數

Claude’s new AI file creation feature ships with deep security risks built in

Expert calls security advice "unfairly outsourcing the problem to Anthropic's users."

Ars Technica 2025年09月10日 625 觀看次數

Phishing Empire Runs Undetected on Google, Cloudflare

What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.

Dark Reading 2025年09月05日 986 觀看次數