漏洞 Vulnerability Windows TokenMagic 权限提升漏洞 msf 利用代码公开 https://packetstormsecurity.com/files/162605/Microsoft-Windows-TokenMagic-Privilege-Escalation.html rxvt/rxvt-unicode 本地命令执行漏洞 https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html 安全事件 Security Incident 一路向北：Konni APT组织以“朝鲜局势”相关主题为诱饵对俄进行持续定向攻击活动 https://mp.weixin.qq.com/s/DDLLGwumDATr4fRsYtYjQw APT组织白皮书—来自黎巴嫩的Volatile Cedar https://mp.weixin.qq.com/s/vJ9AF-dOnmvkq-lY5G7-Vw “Operation Magichm” 浅谈蔓灵花组织的CHM文件投放与后续操作 https://mp.weixin.qq.com/s/adVxC5CgfHoI8_2dKmUGKw Codecov黑客获得了Monday.com源代码的访问权限 https://www.bleepingcomputer.com/news/security/codecov-hackers-gained-access-to-mondaycom-source-code/ 仅仅9个月，Darkside勒索软件团伙获利9000万美元 https://www.zdnet.com/article/after-just-9-months-darkside-ransomware-gang-brings-in-90-million-in-bitcoin/ Magecart Skimming战术演变 https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/