相關新聞
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
The Hacker News
2024年02月28日 210 觀看次數
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization.
Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least...
The Hacker News
2024年02月26日 196 觀看次數
LockBit ransomware returns, restores servers after police disruption
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. [...]
Bleepingcomputer
2024年02月26日 226 觀看次數
![](https://www.bleepstatic.com/content/hl-images/2024/02/22/LockBit_headpic.jpg)
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show.
The packages are named execution-time-async, data-time-utils, login...
The Hacker News
2024年02月26日 183 觀看次數
Ransomware associated with LockBit still spreading 2 days after server takedown
Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group. [...]
Ars Technica
2024年02月23日 223 觀看次數
![](https://cdn.arstechnica.net/wp-content/uploads/2020/10/malware-760x380.jpg)
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
Bleeping Computer
2024年02月22日 196 觀看次數
![](https://www.bleepstatic.com/content/hl-images/2024/02/21/0_connect-logo.jpg)
VMware urges admins to remove deprecated, vulnerable auth plug-in
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
Bleeping Computer
2024年02月22日 177 觀看次數
![](https://www.bleepstatic.com/content/hl-images/2023/10/25/VMware.jpg)
'KeyTrap' DNS Bug Threatens Widespread Internet Outages
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
Dark Reading
2024年02月21日 196 觀看次數
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt12f57b835a9414d0/65d4d66a61c51f040ab24ae1/access_server_Makym_Klimov_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
ConnectWise urges ScreenConnect admins to patch critical RCE flaw
ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. [...]
Bleepingcomputer
2024年02月21日 168 觀看次數
![](https://www.bleepstatic.com/content/hl-images/2023/09/12/hacker-staring.jpg)
Joomla XSS Bugs Open Millions of Websites to RCE
Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.
Dark Reading
2024年02月21日 185 觀看次數
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt8c1843034f5ea9b9/65d4fbb0386bbc040b832d1e/joomla-Jorge_Pérez-Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)