Aggregator

前言上文中我们讲述了直接系统调用技术，它可以不使用ntdll中的Syscall（系统调用）指令，自己在代码中实现、用以绕过针对ntdll中函数的hook，特点是Syscall指令在程序自身的内存空间中，而不是ntdll的内存空间中，由此，AV/EDR也有了相应的检测机制，如果发现Syscall指令不在ntdll内存空间中，则将其视为可疑的IoC，攻击者为了消除这个IoC，间接系统调用技术在此背景下

The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command to the agent," NeuralTrust said in a report published Friday

加密算法逆向分析

本文主要讨论了CodeQL在Java项目通过自定义isBarrier规则来净化某些数据类型，从而减少误报。 还介绍了提取Spring框架中Controller方法的URL路径。

用友U8 Cloud NCCloudGatewayServlet接口任意文件上传漏洞分析

ntdll kernel32 模块基址获取新思路

A vulnerability labeled as problematic has been found in Nick Diego Blox Lite Plugin up to 1.2.8 on WordPress. Impacted is an unknown function. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-62940. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Apiki GoCache Plugin up to 1.3.6 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-62966. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in Konstantin Pankratov Date Counter Plugin up to 2.0.3 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-62948. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in wpseek Admin Management Xtended Plugin up to 2.5.1 on WordPress. It has been rated as critical. This affects an unknown part. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-62965. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in tempranova WP Mapbox GL JS Maps Plugin up to 3.0.1 on WordPress. It has been declared as problematic. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-62942. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in RealMag777 MDTF Plugin up to 1.3.4 on WordPress. It has been classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-62964. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in videowhisper Paid Videochat Turnkey Site Plugin up to 7.3.22 on WordPress and classified as critical. Affected is an unknown function. The manipulation results in code injection. This vulnerability is cataloged as CVE-2025-62959. The attack may be launched remotely. There is no exploit available.

目前还没有证据表明 AI 能显著提高生产力，然而今天企业大幅裁员时通常会把 AI 作为借口。Oxford Internet Institute 的 AI 和工作助理教授 Fabian Stephany 怀疑裁员与新技术带来的效率提升相关，企业只是将 AI 作为裁员的借口。Stephany 表示，企业以此将自己定位在 AI 技术的前沿，展现创新性和竞争力，同时掩盖裁员的真实原因。很多企业在新冠疫情期间招聘了太多员工，近期的裁员可能只是一种“市场清理”。Jean-Christophe Bouglé 在一篇热门的 LinkedIn 帖子中表示，AI 普及速度比宣称的慢得多，大型企业中 AI 进展缓慢，甚至会由于成本或安全问题而推迟部署 AI 项目。在很多国家经济放缓的背景下，企业以 AI 为借口推行大规模裁员。

A vulnerability has been found in aviplugins Custom Post Type Attachment Plugin up to 3.4.6 on WordPress and classified as problematic. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-62907. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Ben Huson WP Geo Plugin up to 3.5.1 on WordPress. This affects an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-62904. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Joe Open Currency Converter Plugin up to 1.5.0 on WordPress. The impacted element is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-62939. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in Johnny Post List Featured Image Plugin up to 0.5.9 on WordPress. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-62937. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in RomanCode MapSVG Plugin up to 8.7.15 on WordPress. Impacted is an unknown function. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-62930. It is possible to initiate the attack remotely. There is no exploit available.

在社会工程学（社工）钓鱼攻击中，通过视觉欺骗“伪造”文件名称后缀是一种常见的手法，其主要目的是误导受害者，让他们误以为文件是安全无害的，从而点击打开或执行该文件。这种技术利用了人们对文件类型和扩展名的信任，以及对特定格式文件的熟悉度来掩盖恶意内容的真实性质。