相關新聞 | HKCERT

Viral Moltbot AI assistant raises concerns over data security

Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials...

Bleepingcomputer 2026年01月29日 165 觀看次數

There's a rash of scam spam coming from a real Microsoft address

Abusing Microsoft's reputation may make scam harder to spot.

Ars Technica 2026年01月28日 142 觀看次數

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of...

The Hacker News 2026年01月27日 316 觀看次數

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks...

Bleepingcomputer 2026年01月27日 205 觀看次數

Crims hit the easy button for Scattered-Spider style helpdesk scams

Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.…

The Register 2026年01月23日 142 觀看次數

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. [...]

Bleepingcomputer 2026年01月22日 209 觀看次數

Threat Actors Weaponizing Visual Studio Code to Deploy a Multistage Malware

Threat actors are turning Visual Studio Code into an attack platform, using its rich extension ecosystem to slip multistage malware into developer workstations. The latest campaign, dubbed Evelyn Stealer, hides behind a malicious extension that delivers a stealthy information stealing tool in several carefully staged steps...

Cyber Security News 2026年01月20日 170 觀看次數

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents...

Bleepingcomputer 2026年01月18日 182 觀看次數

Google Chrome now lets you turn off on-device AI model powering scam detection

Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year...

Bleepingcomputer 2026年01月18日 182 觀看次數

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security company...

The Hacker News 2026年01月16日 286 觀看次數