Telegram客户端Telega将流量路由至俄罗斯中间人攻击基础设施
分析发现,Telegram第三方安卓客户端Telega存在中间人攻击(MitM)风险,其通信流量被路由至俄罗斯境内的中间人基础设施。这一发现引发了对用户隐私与数据安全的严重担忧,提示用户应警惕非官方Telegram客户端潜在的流量劫持威胁。
相关报道
A security researcher discovered that IPv6's massive address space combined with a botguard bypass could expose any Google user's phone number. The vulnerability allowed attackers to potentially leak phone numbers through systematic enumeration of IPv6 addresses.
A security vulnerability allowed attackers to obtain any Google user's phone number by exploiting IPv6's address space and bypassing botguard protections. The flaw exposed phone numbers through rate limit manipulation and infrastructure weaknesses.
DDoSecrets has released 410 GB of heap dump data obtained from a hack of TeleMessage's archive server. The data includes information from the company's customers, which reportedly include law enforcement agencies and financial institutions.
A new phishing-as-a-service called Starkiller uses disguised links to load real login pages from target brands. It acts as a relay between victims and legitimate sites, forwarding usernames, passwords, and MFA codes to bypass security measures.
TeleMessage's customer list includes DC Police, Andreessen Horowitz, JP Morgan, and hundreds of other organizations, according to analysis of 410 GB of Java heap dumps from the company's archive server.