The Hacker News

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Researchers uncovered a CrashFix campaign where a fake Chrome ad blocker crashes browsers to trick users into installing the ...

INC ransomware opsec fail allowed data recovery for 12 US orgs

An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S.
WinBuzzer

Hackers Breach Fortune 500 Companies Exploiting Security Testing Apps

Cybersecurity researchers from Pentera have discovered 1,926 vulnerable security training applications exposed online, with ...
XDA Developers on MSN

This Docker container notifies me when unknown devices connect to my Wi-Fi

Stay alert ...

“MFA已过时?”Tycoon 2FA钓鱼套件掀起会话劫持风暴,全球超6万账户沦陷

2025年10月,一家位于波士顿的医疗科技公司遭遇一场“教科书式”的网络攻击。攻击者并未暴力破解密码,也没有利用零日漏洞,而是通过一封看似普通的会议邀请邮件,附带一个名为“Q3_Investor_Briefing.html”的附件。财务总监Sarah点击后,浏览器跳转至一个与Microsoft 365登录页几乎无法区分的页面。她输入账号密码,随后手机收到一条来自微软的验证码短信——她照常输入。 几 ...

一场“精准钓鱼”风暴:Ledger用户遭仿冒并购邮件攻击,供应链数据 ...

2026年1月初,全球加密货币安全生态迎来一次令人警醒的事件:硬件钱包巨头Ledger的部分用户在第三方电商合作伙伴Global-e发生数据泄露后,遭遇了高度定制化的网络钓鱼攻击。这些攻击并非传统意义上的广撒网式垃圾邮件,而是利用真实订单信息、姓名、 ...