相關新聞 | HKCERT

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Adversaries looking to ride the DeepSeek interest wave are taking advantage of developers in a rush to deploy the new technology, by using AI-generated malware against them.

Dark Reading 2025年02月04日 374 觀看次數

Microsoft Sets End Date for Defender VPN

Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.

Dark Reading 2025年02月04日 379 觀看次數

Hackers exploit critical unpatched flaw in Zyxel CPE devices

Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July.

Bleeping Computer 2025年02月03日 276 觀看次數

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.

The Hacker News 2025年02月03日 288 觀看次數

New Syncjacking attack hijacks devices using Chrome extensions

A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device.

Bleeping Computer 2025年02月03日 293 觀看次數

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.

The Hacker News 2025年01月28日 370 觀看次數

Hackers steal $85 million worth of cryptocurrency from Phemex

The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency.

Bleeping Computer 2025年01月28日 293 觀看次數

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...]

Bleepingcomputer 2025年01月26日 288 觀看次數

PayPal to pay $2 million settlement over 2022 data breach

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...]

Bleepingcomputer 2025年01月25日 417 觀看次數

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug

No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.…

The Register 2025年01月24日 353 觀看次數