阿卜杜拉国王科技大学|Tao Ni 招生信息
最早可2026年秋季入学
Aggregator
Critical Argo CD API Vulnerability Exposes Repository Credentials
1 week ago
A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials. The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform’s security model by granting access to secrets without explicit permissions. The vulnerability stems from an improper authorization check in […]
The post Critical Argo CD API Vulnerability Exposes Repository Credentials appeared first on Cyber Security News.
Guru Baran
Kill
1 week ago
You must login to view this content
cohenido
Kill
1 week ago
You must login to view this content
cohenido
Генетические кентавры: Ученые скрестили античную мифологию с CRISPR-технологиями
1 week ago
CRISPR превратил обычных лошадей в генетических мутантов.
“GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload
1 week ago
A sophisticated malware campaign, dubbed “GPUGate,” abuses Google Ads and GitHub’s repository structure to trick users into downloading malicious software. The Arctic Wolf Cybersecurity Operations Center, the attack chain uses a novel technique to evade security analysis by leveraging a computer’s Graphics Processing Unit (GPU). The campaign appears to be the work of a Russian-speaking […]
The post “GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload appeared first on Cyber Security News.
Guru Baran
使用Volatility检测Linux Rootkit技术原理分析
1 week ago
使用Volatility检测Linux Rootkit技术原理分析
3个月直通大厂高新岗位!全程实战案例解析,掌握高危漏洞攻防技巧
1 week ago
零基础学员必看!代码审计全链路实战
记录一款Unity il2cpp lua手游的逆向全过程
1 week ago
看雪论坛作者ID:G33k3r
记录一款Unity il2cpp lua手游的逆向全过程
1 week ago
当前环境出现异常,需完成验证后方可继续访问。
3个月直通大厂高新岗位!全程实战案例解析,掌握高危漏洞攻防技巧
1 week ago
环境异常提示用户需完成验证后才能继续访问,并提供验证按钮。
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
1 week ago
MeetC2 是一个基于 Google Calendar API 的 C2 框架 PoC,用于模拟云滥用攻击,帮助团队测试检测、日志记录和响应能力。通过创建隐藏的通信通道,将命令嵌入日历事件中执行,并更新事件以返回输出。框架支持跨平台运行,并提供详细的设置和使用指南。
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
1 week ago
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams […]
Pierluigi Paganini
小白如何根据1day挖出RCE 0day?
1 week ago
You Can Use Screen Time To Protect Your iPhone From Thieves: Here's How
1 week ago
The Markup是一家专注于通过数据驱动的新闻报道推动技术问责和隐私保护的非营利组织。
CVE-2025-0081 | Google Android 12/12L/13/14/15 dng_lossless_jpeg.cpp HuffDecode denial of service (WID-SEC-2025-0477)
1 week ago
A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. Affected is the function dng_lossless_decoder::HuffDecode of the file dng_lossless_jpeg.cpp. Such manipulation leads to denial of service.
This vulnerability is listed as CVE-2025-0081. The attack may be performed from remote. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2025-0078 | Google Android 12/12L/13/14/15 SELinux main.cpp main access control (WID-SEC-2025-0477)
1 week ago
A vulnerability marked as critical has been reported in Google Android 12/12L/13/14/15. This affects the function main of the file main.cpp of the component SELinux. The manipulation leads to improper access controls.
This vulnerability is documented as CVE-2025-0078. The attack needs to be performed locally. There is not any exploit available.
It is suggested to install a patch to address this issue.
vuldb.com
CVE-2025-0079 | Google Android 12/12L/13/14/15 avdtp/avctp unnecessary privileges (WID-SEC-2025-0477)
1 week ago
A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. This affects an unknown part of the component avdtp/avctp. Executing manipulation can lead to execution with unnecessary privileges.
This vulnerability is tracked as CVE-2025-0079. The attack is restricted to local execution. No exploit exists.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-0080 | Google Android 15 ui layer (WID-SEC-2025-0477)
1 week ago
A vulnerability identified as problematic has been detected in Google Android 15. This vulnerability affects unknown code. The manipulation leads to improper restriction of rendered ui layers.
This vulnerability is listed as CVE-2025-0080. The attack must be carried out locally. There is no available exploit.
Applying a patch is the recommended action to fix this issue.
vuldb.com
CVE-2024-53025 | Qualcomm Snapdragon Auto FastConnect 7800 up to WSA8845 UCI Command integer overflow (WID-SEC-2025-0477)
1 week ago
A vulnerability, which was classified as problematic, has been found in Qualcomm Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon MC and Snapdragon Mobile. The impacted element is an unknown function of the component UCI Command Handler. Performing manipulation results in integer overflow.
This vulnerability was named CVE-2024-53025. The attack needs to be approached locally. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com