相關新聞 | HKCERT

Beware: PayPal "New Address" feature abused to send phishing emails

An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers [...]

Bleepingcomputer 2025年02月23日 484 觀看次數

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. [...]

Bleepingcomputer 2025年02月21日 410 觀看次數

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the...

The Hacker News 2025年02月20日 281 觀看次數

New FrigidStealer infostealer infects Macs via fake browser updates

The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer. [...]

Bleepingcomputer 2025年02月20日 341 觀看次數

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

Dark Reading 2025年02月19日 294 觀看次數

Microsoft spots XCSSET macOS malware variant used for crypto theft

A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. [...]

Bleepingcomputer 2025年02月18日 281 觀看次數

Google Chrome's AI-powered security feature rolls out to everyone

Google Chrome has updated the existing "Enhanced protection" feature with AI to offer "real-time" protection against dangerous websites, downloads and extensions.

Bleeping Computer 2025年02月17日 256 觀看次數

Microsoft: Hackers steal emails in device code phishing attacks

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing.

Bleeping Computer 2025年02月17日 468 觀看次數

This open text-to-speech model needs just seconds of audio to clone your voice

El Reg shows you how to run Zyphra's speech-replicating AI on your own box Hands on Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of...

The Register 2025年02月17日 262 觀看次數

Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads giant...

The Register 2025年02月17日 195 觀看次數