相關新聞 | HKCERT

New AI Malware PoC Reliably Evades Microsoft Defender

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

Dark Reading 2025年07月10日 211 觀看次數

Someone used AI to impersonate a secretary of state - how to make sure you're not next

An identity protection expert shares tips on protecting yourself from AI scams.

ZDnet 2025年07月10日 150 觀看次數

M&S confirms social engineering led to massive ransomware attack

M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. [...]

Bleepingcomputer 2025年07月09日 279 觀看次數

Massive spike in use of .es domains for phishing abuse

¡Cuidado! Time to double-check before entering your Microsoft creds Cybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.…

The Register 2025年07月05日 190 觀看次數

Provider of covert surveillance app spills passwords for 62,000 users

Creators say app is intended for parental monitoring. So why the emphasis on stealth?

Ars Technica 2025年07月04日 139 觀看次數

Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.

Bleeping Computer 2025年07月02日 207 觀看次數

Dozens of fake wallet add-ons flood Firefox store to drain crypto

More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.

Bleeping Computer 2025年07月02日 219 觀看次數

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.

The Hacker News 2025年07月02日 222 觀看次數

New FileFix attack runs JScript while bypassing Windows MoTW alerts

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. [...]

Bleepingcomputer 2025年07月02日 229 觀看次數

Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. [...]

Bleepingcomputer 2025年06月26日 284 觀看次數