相關新聞 | HKCERT

WooCommerce admins targeted by fake security patches that hijack sites

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. [...]

Bleepingcomputer 2025年04月26日 235 觀看次數

NFC-Powered Android Malware Enables Instant Cash-Outs

Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.

Dark Reading 2025年04月25日 228 觀看次數

Hackers abuse Zoom remote control feature for crypto-theft attacks

A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. [...]

Bleepingcomputer 2025年04月23日 365 觀看次數

ASUS Urges Users to Patch AiCloud Router Vuln Immediately

The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.

Dark Reading 2025年04月22日 280 觀看次數

State-sponsored hackers embrace ClickFix social engineering tactic

ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]

Bleepingcomputer 2025年04月20日 181 觀看次數

Widespread Microsoft Entra lockouts tied to new security feature rollout

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. [...]

Bleepingcomputer 2025年04月20日 195 觀看次數

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Bleepingcomputer 2025年04月19日 233 觀看次數

FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds

The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. [...]

Bleepingcomputer 2025年04月19日 170 觀看次數

New Android malware steals your credit cards for NFC relay attacks

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]

Bleepingcomputer 2025年04月19日 194 觀看次數

SonicWall SMA VPN devices targeted in attacks since January

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]

Bleepingcomputer 2025年04月18日 181 觀看次數