PSA.ngo

New BeatBanker Android malware poses as Starlink app to hijack devices A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.

新型Android木马BeatBanker假冒“Starlink”应用被曝可劫持设备

BleepingComputer称，新型Android木马BeatBanker伪装为Starlink应用诱导安装并劫持设备。更多传播与技术细节尚未公开，事件仍在跟进。

📰 https://psa.ngo/news/beatbanker-android-malware-poses-as-starlink-app-hijack-devices/

HPE warns of critical AOS-CX flaw allowing admin password resets Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

HPE警示AOS-CX严重漏洞：或致管理员密码被重置

HPE警告AOS-CX存在严重漏洞，可能被利用重置管理员密码并导致设备被接管。公司建议用户关注官方通告并尽快采取缓解与加固措施。

📰 https://psa.ngo/news/hpe-aos-cx-critical-flaw-allows-admin-password-reset/

Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello.

Microsoft推Entra passkeys 为Windows登录加入抗钓鱼能力

BleepingComputer称，Microsoft通过Entra passkeys为Windows带来“phishing-resistant”登录，旨在降低凭据被诱骗风险。具体适配范围与启用方式尚待官方进一步说明。

📰 https://psa.ngo/news/microsoft-entra-passkeys-phishing-resistant-windows-sign-in/

New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

KadNap僵尸网络劫持ASUS路由器 扩张网络犯罪代理网络

BleepingComputer称，新型KadNap僵尸网络正在劫持ASUS路由器，以支撑网络犯罪代理基础设施。更多技术细节与处置建议尚待披露。

📰 https://psa.ngo/news/kadnap-botnet-hijacks-asus-routers-cybercrime-proxy-network/

CISA: Recently patched Ivanti EPM flaw now actively exploited CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

CISA警示：Ivanti EPM新近修补漏洞遭在野利用

CISA警告Ivanti Endpoint Manager（EPM）一处刚修补的漏洞正被在野利用，敦促尽快打补丁并加强监测。目前公开细节有限，安全团队应同步收敛暴露面并审计可疑活动。

📰 https://psa.ngo/news/cisa-ivanti-epm-flaw-actively-exploited/

Microsoft to enable Windows hotpatch security updates by default Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update.

Microsoft将于5月起默认启用Windows Hotpatch安全更新

BleepingComputer称，Microsoft将从5月起在Windows中默认启用Hotpatch安全更新，力图在多数情况下免重启完成修补以提高可用性。适用范围与管理细节仍待官方进一步说明。

📰 https://psa.ngo/news/microsoft-windows-default-hotpatch-security-updates-may/

Google: Cloud attacks exploit flaws more than weak credentials Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Google称云端入侵更偏向利用漏洞而非弱口令

Google据报称，近期云端攻击更常通过利用漏洞与配置缺陷入侵，而非主要依赖弱口令或凭证泄露，提醒应优先修补与加固配置，同时维持凭证与MFA等基本防护。

📰 https://psa.ngo/news/google-cloud-attacks-exploit-flaws-rather-than-weak-credentials/

ShinyHunters claims ongoing Salesforce Aura data theft attacks Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

ShinyHunters称持续针对Salesforce Aura实施数据窃取

ShinyHunters声称正持续针对Salesforce Aura实施数据窃取，具体技术细节与影响范围尚未公开并有待独立验证。事件仍在发展中。

📰 https://psa.ngo/news/shinyhunters-salesforce-aura-data-theft-claims/

Chinese state hackers target telcos with new malware toolkit A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices.

外媒称疑似中国国家背景黑客以新恶意工具瞄准电信业

BleepingComputer称，疑似中国国家背景黑客以新恶意软件工具包针对电信运营商发起攻击。由于细节尚未公开，事件仍待更多权威信息佐证。

📰 https://psa.ngo/news/chinese-state-hackers-target-telcos-new-malware-toolkit/

Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware.

Bing AI被指引流至伪冒OpenClaw仓库 诱导下载信息窃取恶意软件

BleepingComputer称，Bing AI曾将用户引向伪冒的“OpenClaw”GitHub仓库，实为信息窃取恶意软件投递点。事件凸显AI推荐链条被滥用的风险，相关平台响应与处置进展仍待跟进。

📰 https://psa.ngo/news/bing-ai-promotes-fake-openclaw-github-repo-malware/

FBI investigates breach of surveillance and wiretap systems The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

FBI介入调查：监控与窃听平台疑遭入侵

BleepingComputer称FBI正在调查监控与窃听系统遭入侵一事。细节尚未公开，包括影响范围、具体平台与攻击者信息等。

📰 https://psa.ngo/news/fbi-probes-surveillance-wiretapping-breach/

Google says 90 zero-days were exploited in attacks last year Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.

Google称去年有90个零日漏洞遭在野利用

Google称去年共有90个零日漏洞在野被利用，显示零日攻击风险仍然严峻。安全专家呼吁加快补丁部署与持续监测以降低风险。

📰 https://psa.ngo/news/google-says-90-zero-days-exploited-last-year/

Hacker mass-mails HungerRush extortion emails to restaurant patrons Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond.

黑客以HungerRush为幌子向餐厅顾客群发敲诈邮件

BleepingComputer称，一名黑客向餐厅顾客群发与HungerRush相关的敲诈邮件，试图通过恐吓牟利。事件的技术细节与影响范围尚未公开。

📰 https://psa.ngo/news/hungerrush-extortion-emails-restaurant-patrons/

Europol-coordinated action disrupts Tycoon2FA phishing platform An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month.

Europol协同行动打击“Tycoon2FA”网络钓鱼平台

Europol协调开展执法行动，打击名为Tycoon2FA的网络钓鱼平台，平台运作被干扰。更多执法细节与影响尚未披露。

📰 https://psa.ngo/news/europol-disrupts-tycoon2fa-phishing-platform/

Mississippi medical center reopens clinics hit by ransomware attack The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems.

遭勒索软件打击后重启服务：Mississippi医疗中心逐步恢复多家诊所

BleepingComputer称，Mississippi一所医疗中心在遭勒索软件攻击后已重开多家诊所。有关攻击细节与数据风险情况尚未公开，后续进展待更新。

📰 https://psa.ngo/news/mississippi-medical-center-reopens-clinics-ransomware/

CISA flags VMware Aria Operations RCE flaw as exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

CISA将VMware Aria Operations RCE列入“已被利用”清单，提示紧急防护

CISA将影响VMware Aria Operations的RCE漏洞列入Known Exploited Vulnerabilities目录，表明该缺陷已被用于实际攻击。尽管细节尚未公开，相关组织应加快修复并提升监测与防护。

📰 https://psa.ngo/news/cisa-flags-vmware-aria-operations-rce-exploited-attacks/

Microsoft: Hackers abuse OAuth error flows to spread malware Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.

Microsoft警示：黑客滥用OAuth错误流程散播恶意软件

Microsoft称黑客正滥用OAuth错误处理流程引导受害者，进而投递并传播恶意软件；更多技术细节与影响面仍待披露。

📰 https://psa.ngo/news/microsoft-oauth-error-flows-abused-to-spread-malware/

Google Chrome shifts to two-week release cycle for increased stability Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently.

Chrome改为双周发布节奏，Google称有助提升稳定性

BleepingComputer称Google将把Chrome更新改为双周发布，目标是提升稳定性。具体实施时间和影响范围暂未公布。

📰 https://psa.ngo/news/google-chrome-two-week-release-cycle-stability/

LexisNexis confirms data breach as hackers leak stolen files American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

LexisNexis确认数据泄露 黑客公布疑似被盗文件

LexisNexis确认发生数据泄露，黑客已在网上发布疑似被盗文件。事件细节与影响范围尚未公开，更多信息有待官方更新。

📰 https://psa.ngo/news/lexisnexis-confirms-data-breach-hackers-leak-stolen-files/

How to know if your phone is hacked — and what to do next | Proton Your phone can be hacked just like your computer, but how can you tell? Find out how to know if your phone is compromised.

Proton发布手机被入侵识别与应对指南

Proton在博客发布由Kate Menzies撰写的指南，强调手机与电脑同样易受攻击，因承载通信、网购与金融操作而成为黑客“理想目标”，被入侵可能引发身份欺诈等风险。

📰 https://psa.ngo/news/proton-phone-hacked-guide/

Android gets patches for Qualcomm zero-day exploited in attacks Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.

Android推送安全更新：修复已遭利用的Qualcomm零日漏洞

Google为Android发布安全补丁，修复一枚已在攻击中被利用的Qualcomm零日漏洞。具体技术细节与影响范围尚未披露，建议用户与企业尽快完成系统与安全补丁更新。

📰 https://psa.ngo/news/android-patches-qualcomm-zero-day-exploited-in-attacks/

CyberStrikeAI tool adopted by hackers for AI-powered attacks Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls.

黑客借助CyberStrikeAI发动AI驱动攻击 安全圈警戒升温

BleepingComputer称，黑客开始采用名为CyberStrikeAI的工具开展AI驱动攻击，安全圈对潜在滥用与防御挑战表示担忧。事件仍在发展，具体细节有待进一步披露。

📰 https://psa.ngo/news/hackers-adopt-cyberstrikeai-for-ai-powered-attacks/

Critical Juniper Networks PTX flaw allows full router takeover A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges.

Juniper Networks曝PTX关键漏洞 或致路由器遭完全接管

BleepingComputer称，Juniper Networks PTX设备曝出关键漏洞，可能使攻击者完全控制路由器，威胁电信与骨干网络安全。细节与修复信息尚未披露，建议相关方关注官方通告并评估风险。

📰 https://psa.ngo/news/juniper-networks-ptx-critical-flaw-router-takeover/

Olympique Marseille confirms 'attempted' cyberattack after data leak French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club's systems earlier this month.

Olympique Marseille称遭遇未遂网络入侵，疑与数据泄露相关

Olympique Marseille确认在相关数据泄露出现后遭遇一次“未遂”网络攻击，事件正在调查中，具体影响与细节尚未公布。

📰 https://psa.ngo/news/olympique-marseille-attempted-cyberattack-data-leak-confirmed/

UK fines Reddit $19 million for using children’s data unlawfully The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards.

英国因违法使用儿童数据对Reddit开出约1900万美元罚单

英国监管机构据报以“非法使用儿童数据”为由对Reddit罚款约1900万美元，凸显平台在未成年用户数据合规上的风险与压力。更多具体违规细节尚未披露。

📰 https://psa.ngo/news/uk-fines-reddit-19-million-child-data/

Critical SolarWinds Serv-U flaws offer root access to servers SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers.

SolarWinds Serv-U曝严重漏洞 或致服务器被提权至root

BleepingComputer称，SolarWinds Serv-U被曝存在可被远程利用并提升至root/系统级权限的严重漏洞。具体CVE与修复信息尚未披露，建议管理员立即关注官方通告并加固与更新。

📰 https://psa.ngo/news/solarwinds-serv-u-critical-flaws-root-access-servers/

ShinyHunters extortion gang claims Odido breach affecting millions The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems.

ShinyHunters声称攻破Odido 或波及数百万用户数据

ShinyHunters声称入侵电信公司Odido，称或影响数百万用户，但目前尚未获得独立证实，更多技术细节与官方回应仍待公布。

📰 https://psa.ngo/news/shinyhunters-claims-odido-breach-affecting-millions/

North Korean Lazarus group linked to Medusa ransomware attacks North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware.

报告称North Korean Lazarus被指与Medusa勒索攻击有关联

BleepingComputer称，North Korean Lazarus被指与Medusa勒索软件攻击存在关联。公开信息尚未披露更具体的技术细节与影响范围，归因仍待核实。

📰 https://psa.ngo/news/north-korean-lazarus-medusa-ransomware-link/

Android mental health apps with 14.7M installs filled with security flaws Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.

多款Android心理健康应用被指存严重安全隐患 下载量约1470万

多款Android心理健康应用被曝存在严重安全隐患，累计安装约1470万次。具体漏洞细节与修复进展尚未公开，事件可能对敏感隐私数据构成风险。

📰 https://psa.ngo/news/android-mental-health-apps-14-7m-installs-security-flaws/

Spain arrests suspected hacktivists for DDoSing govt sites Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions.

西班牙拘捕疑似Anonymous Fenix黑客激进分子 涉对政府网站发起DDoS

BleepingComputer称，西班牙警方抓捕多名疑似与Anonymous Fenix相关的黑客激进分子，指控与针对政府网站的DDoS攻击有关。更多细节尚未公布，调查仍在推进。

📰 https://psa.ngo/news/spain-arrests-suspected-hacktivists-for-ddosing-govt-sites/